[SECURITY ADVISORY] Security Advisory for Malware on QTS - NAS-201902-13

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
User avatar
Toxic17
Experience counts
Posts: 4938
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

[SECURITY ADVISORY] Security Advisory for Malware on QTS - NAS-201902-13

Post by Toxic17 » Thu Feb 14, 2019 7:05 am

Security Advisory for Malware on QTS
Release date: February 13, 2019
Security ID: NAS-201902-13
Severity: High
CVE identifier: N/A
Affected products: To be confirmed
Summary
A recently reported malware is known to affect QNAP NAS devices. We are currently analyzing the malware and will provide the solution as soon as possible.

If you have any questions regarding this issue, please contact us through the QNAP Helpdesk.

Recommendation
To avoid possible exploits, you must:

Manually update Malware Remover to the latest version.
Update QTS to the latest version.
Update all apps installed on your NAS.
In case you encounter problems or receive the following error message while updating Malware Remover, please wait for the solution:

[App Center] Failed to install MalwareRemover. Model does not support MalwareRemover.

Manually Installing and Running the Latest Version of Malware Remover
On your web browser, go to the QNAP App Center.
Select your QTS version.
The application list appears.
Locate and click Malware Remover.
The Malware Remover download window appears.
Identify your processor type, and then click Download.
Your system downloads the installer zip file.
Extract the installer file.
Log on to QTS as administrator.
Open App Center, and then click .
The manual installation dialog box appears.
Read the instructions, and then click Browse.
The file broswer appears.
Locate and select the installer file.
Click Install.
A confirmation message appears.
Click OK.
QTS installs the latest version of Malware Remover.
A confirmation message appears.
Click OK.
The required updates dialog box appears.
Click Update Now.
QTS updates Malware Remover to the latest version.
Open Malware Remover.
Click Start Scan.
Malware Remover scans the NAS for malware.
Installing the QTS Update
Log on to QTS as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Updating All NAS Applications
Log on to QTS as administrator.
Open App Center.
Locate Install Updates on the upper right corner of the screen.
Click All.
A confirmation message appears.
Click OK.
QTS updates all installed applications.


Revision History: V1.0 (February 13, 2019) - Published
Regards Simon

QNAP 4.3.x/4.2.x Manuals

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.3.6.0993 • TVS-463-16GB 4.3.6.0993 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.0967 • APC Back-UPS ES 700G •
QPKG's: TwonkyServer 8.51 • Apache73 • QSonarr 3.0.1.503 • QNBZGet 21.0 • phpMyAdmin 4.8.5 • Qmono 5.20.1.19 • McAfee 2.2.0 • Lychee 3.2.15 • HBS 3.0.190802 • LEgo v3.0.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+• UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

User avatar
Toxic17
Experience counts
Posts: 4938
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [SECURITY ADVISORY] Security Advisory for Malware on QTS - NAS-201902-13

Post by Toxic17 » Thu Mar 14, 2019 7:00 pm

Still this advisory has not yet been updated.
Affected products: To be confirmed

Revision History: V1.0 (February 13, 2019) - Published
Regards Simon

QNAP 4.3.x/4.2.x Manuals

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.3.6.0993 • TVS-463-16GB 4.3.6.0993 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.0967 • APC Back-UPS ES 700G •
QPKG's: TwonkyServer 8.51 • Apache73 • QSonarr 3.0.1.503 • QNBZGet 21.0 • phpMyAdmin 4.8.5 • Qmono 5.20.1.19 • McAfee 2.2.0 • Lychee 3.2.15 • HBS 3.0.190802 • LEgo v3.0.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+• UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

Blackbar7
Know my way around
Posts: 112
Joined: Fri Jan 04, 2019 7:33 pm

Re: [SECURITY ADVISORY] Security Advisory for Malware on QTS - NAS-201902-13

Post by Blackbar7 » Fri Mar 15, 2019 7:20 pm

Toxic17 wrote:
Thu Mar 14, 2019 7:00 pm
Still this advisory has not yet been updated.
Affected products: To be confirmed

Revision History: V1.0 (February 13, 2019) - Published
What did you expect from qnap?
I am asking for about years to upgrade php. No luck.
TS-253 8Gb Pro with QTS 4.4.1.0978 build 20190627 Public Beta
TS-131 1Gb with QTS 4.4.1.0978 Build 20190627 Public Beta
Both drives are equiped with WD-RED drives.
Affordable seedbox > https://panel.seedbox.io/aff.php?aff=641

User avatar
Toxic17
Experience counts
Posts: 4938
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [SECURITY ADVISORY] Security Advisory for Malware on QTS - NAS-201902-13

Post by Toxic17 » Fri Mar 15, 2019 9:55 pm

The php 7.x upgrade will break most QNAP web apps supported by them now, so they would need to update PHP, then update all web apps to support php7.x and only then, release all of them together.
Regards Simon

QNAP 4.3.x/4.2.x Manuals

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.3.6.0993 • TVS-463-16GB 4.3.6.0993 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.0967 • APC Back-UPS ES 700G •
QPKG's: TwonkyServer 8.51 • Apache73 • QSonarr 3.0.1.503 • QNBZGet 21.0 • phpMyAdmin 4.8.5 • Qmono 5.20.1.19 • McAfee 2.2.0 • Lychee 3.2.15 • HBS 3.0.190802 • LEgo v3.0.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+• UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

User avatar
Toxic17
Experience counts
Posts: 4938
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [SECURITY ADVISORY] Security Advisory for Malware on QTS - NAS-201902-13

Post by Toxic17 » Mon Apr 22, 2019 2:22 am

Update from QNAP at last.

Affected products: QNAP NAS devices with QTS 4.2.6 build 20181227,
QTS 4.3.3 build 20190102,
QTS 4.3.4 build 20190102,
QTS 4.3.6 build 20181228 and earlier versions

more info here:

https://www.qnap.com/en-au/security-adv ... -201902-13

Revision History:
V1.1(April 19, 2019) - Update Affected Products, Summary and Recommendation
V1.0 (February 13, 2019) - Published
Regards Simon

QNAP 4.3.x/4.2.x Manuals

QNAP Club Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-473-32GB QM2-2P QXG-10G1T 4.3.6.0993 • TVS-463-16GB 4.3.6.0993 QM2-2S10G1TB • TS-459 Pro 2GB 4.2.6 • TS-121 4.3.3.0967 • APC Back-UPS ES 700G •
QPKG's: TwonkyServer 8.51 • Apache73 • QSonarr 3.0.1.503 • QNBZGet 21.0 • phpMyAdmin 4.8.5 • Qmono 5.20.1.19 • McAfee 2.2.0 • Lychee 3.2.15 • HBS 3.0.190802 • LEgo v3.0.0
Network: VM Hub 3.0 <500/35> • UniFi USG Pro 4 • UniFi USW-16-150W • UniFi USW-8-60W • UniFi CloudKey Gen2+• UniFi G3-Flex • UAP AC Pro • UAP AC Lite • SLM2008 • Dell 7050 MFF •

Post Reply

Return to “Users' Corner”