Hackers exploit QNAP devices because they often have known vulnerabilities or misconfigurations that can be exploited for unauthorized access.
Besides this, QNAP devices store valuable data, which makes them lucrative targets for threat actors seeking to:-
Compromise sensitive information
Deploy ransomware
Deploy malware
Recently, cybersecurity researchers at Akamai during InfectedSlurs research identified that hackers are actively exploiting the QNAP VioStor NVR (network video recorder) vulnerability to deploy “Mirai” malware.
QNAP VioStor NVR Vulnerability
The vulnerability has been tracked as CVE–2023-47565 and marked as a “High” severity flaw with a CVSS v3 score of 8.0.
NVR is a high-performance network surveillance solution for IP cameras and this high severity vulnerability poses risks to:-
Video recording
Playback
Remote data access
The authenticated attacker exploits the OS command injection via a POST request to the management interface with the help of this vulnerability.
Besides this, the vulnerability leverages the device’s default credentials in the current configuration.
Here below, we have mentioned all the affected versions of QNAP VioStor NVR firmware:-
VioStor NVR: Versions 5.0.0 and earlier (5.0.0 released June 21, 2014)
QNAP advises upgrading VioStor firmware on unsupported devices and changing default passwords.
A previously patched issue, undisclosed, was found during the InfectedSlurs campaign. Confirming zero-day status was challenging due to unattributed exploits in the absence of device or manufacturer linkage.
SIRT identifies QNAP VioStor NVR devices as the target of the exploit. Weak default credentials, coupled with OS command injection vulnerabilities in NTP settings, affect the following devices:-
IoT
NVR
After collaboration with US-CERT and QNAP, confirmation is received that only retired VioStor versions (5.0.0 or earlier) are targeted through a POST request to /cgi-bin/server/server.cgi, exploiting a remote code execution vulnerability.
Flaw Profile
CVE ID: CVE-2023-47565
Release date: December 9, 2023
Affected products: QVR Firmware 4.x
Summary: An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
Severity: High
CVSS v3 score: 8.0
Status: Resolved
Default credentials and old network systems invite botnet infections. Legacy systems are breeding grounds for new vulnerabilities, which highlights the need for better IoT practices.
Moreover, for both consumers and manufacturers, awareness is important, and not only that even for system safety must have:-
Longer software support
Robust security measures
Recommendations
Here below, we have mentioned all the recommendations provided by the security analysts:-
Make sure to apply strong passwords for all user accounts.
Keep updated the QVR to the latest version.
Implement robust security policies and solutions.
The post Hackers Actively Exploiting QNAP VioStor NVR Vulnerability to Deploy Mirai Malware appeared first on Cyber Security News.
