QNAP’s NAS and other devices are facing regular attacks from cybercriminals. At present, there are half a million QNAP devices connected to the internet, and attackers are exploiting these devices for various malicious purposes.

Ongoing attacks on QNAP devices

Lately, attacks on the Taiwanese NAS appliance maker have boomed. Moreover, unpatched or legacy devices are being regularly targeted by cybercrooks.
  • Recently, QNAP advised updating the HBS 3 disaster recovery app to stop Qlocker ransomware attacks aimed at internet-exposed NAS devices vulnerable to CVE-2021-28799. 
  • Qlocker was previously found targeting poorly-secured NAS drives. Victims were asked to pay 0.01 Bitcoins (or $400) for the recovery of files.
  • QNAP warned its customers regarding an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks aimed at their NAS devices with weak passwords.
  • In April, QNAP customers were advised to secure their NAS devices to protect against Agelocker ransomware

Recent vulnerabilities 

Most QNAP devices are plagued with exploitable vulnerabilities that are being abused by attackers. 
  • A command injection vulnerability (CVE-2020-36198) has been reported to affect certain versions of Malware Remover. This vulnerability allows remote attackers to run arbitrary commands.
  • Last month, QNAP patched a pair of critical security vulnerabilities (CVE-2020-2509 and CVE-2020-36195) that could allow unauthenticated attackers to take control of NAS devices.


Cyberattacks on QNAP devices are constantly increasing, and they are expected to grow in the near future. Therefore, users are recommended to add additional layers of security for their devices to avoid any risk. Moreover, device owners should frequently update their QNAPs device firmware, app, or any add-ons.

Cyware Publisher