- Release date: May 14, 2021
- Security ID: QSA-21-17
- Affected products: QNAP NAS running Roon Server
- Status: Investigating
The QNAP security team has detected an attack campaign in the wild related to a vulnerability in Roon Server. QNAP NAS running the following versions of Roon Server may be susceptible to attack:
- Roon Server 2021-02-01 and earlier
Recommendation
QNAP recommends users not to expose their NAS to the internet. Before a security update is available from Roon Labs, we also recommend disabling Roon Server to prevent potential attacks.
Disabling Roon Server
- Log on to QTS as administrator.
- Open the App Center and then click .
A search box appears. - Type “Roon Server” and then press ENTER.
Roon Server appears in the search results. - Click the arrow below the Roon Server icon.
- Select Stop.
The application is disabled.