September 6, 2022

QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware

QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station.

Affected Products

• QTS 5.0.1 Photo Station Fixed in 6.1.2 and later.
• QTS 5.0.0/4.5.x Photo Station Fixed in 6.0.22 and later.
• QTS 4.3.6 Photo Station Fixed in 5.7.18 and later.
• QTS 4.3.3 Photo Station Fixed in 5.4.15 and later.
• QTS 4.2.6 Photo Station Fixed in 5.2.14 and later.

Mitigation

CYREBRO recommends updating QNAP NAS devices to the latest firmware version
additionally, it is also recommended to disable port forwarding on routers, prevent NAS devices from being accessible through the Internet, use strong passwords for user accounts, and perform regular backups to avoid data loss.

Workaround

Alternatively, QNAP recommends replacing Photo Station with QuMagie, a more secure photo storage management tool for QNAP NAS devices.

References:  QNAP Advisory