expired Posted by FaithfulCaribou200 • Nov 1, 2021
Nov 1, 2021 10:47 PM
Save 15% on QNAP Network Attached Storage (NAS) Devices. TS-451D2-2G-US $398.70 + Free shipping
$399
$469
14% off at Amazon
The bug (CVE-2020-2509) resides in the NAS web server (default TCP port 8080), according to researchers.
"Previous RCE attacks on QNAP NAS models relied on web pages which do not require prior authentication, and run/trigger code in server-side. We've therefore inspected some CGI files (which implement such pages) and fuzzed a few of the more relevant ones," researchers described.
The flaw allows two types of attacks. One allows a remote attacker – with access to the web server (default port 8080) – to execute arbitrary shell commands, without prior knowledge of the web credentials.
The second attack "allows a remote attacker with access to the DLNA server (default port 8200) to create arbitrary file data on any (non-existing) location, without any prior knowledge or credentials. It can also be elevated to execute arbitrary commands on the remote NAS as well," according to researchers at SAM Seamless Network.
LOOKIE THERE! both of those involve "my dumb ass left my NAS facing the outward internet and open to attack...."
Not interested in continuing this conversation with you. The community has been warned. Good luck with your QNAP product if you choose to purchase. Proceed at your own risk.
That's cute. The good thing about the existence of competition is that any customer can choose to take their dollars away from a shit company that makes a shit product, to a different company with a better approach with their products. QNAP lost droves of customers, and those are just the ones in the QNAP community forum and on reddit who threw in the towel and moved over to Synology and are on the synology subreddit now. I can only imagine what the total figure is that QNAP lost. For the sake of people who still use QNAP products, the shitshow this company went through over the last 3 years will hopefully force them to make improvements going forward. I wouldn't hold my breath.
If you don't let shit in and out of your network willy nilly, they can't reach it behind your router... Such a difficult concept.
Community has been warned about shit that's patched up.
Would this be good for that, is there something better for that? Any help would be appreciated.
----------------------------------------------------------------
I've been a qnap person since my 1st NAS and prefer qnap over synology (though i do own NAS boxes by both companies). most who frequent the SD threads know i was extremely vocal about being pro-qnap. so i understand if some will want to throw that in my face after my below post, but so be it.....
after qnap's mishandling of qsnatch, and their latest firmware bugs with both QTS and HBS, with releases that just make things worse without making them better....
i wholeheartedly cannot recommend this company anymore. this is coming from someone who used to be pro-qnap quite vocally in SD threads
they seem uninterested in fixing the problems, some of which have been ongoing for literally years. i have to intentionally keep my servers on an older firmware, open to vulnerability, in order for it to function properly. unacceptable. before switching over to synology, i had to keep my QNAP servers on QTS 4.3 and HBS 2.1 just to maintain proper functionality. tech support was laughable, even they admitted they are fully aware of problems and have no plans to fix them.
sorry for thread crapping, but i need to warn people who are considering this. check out the qnap threads on reddit and on the community forum. the firmware revs over the last 2 yrs are wreaking unexplained and unpredictable havoc. QNAP tech was not only slow they were flat out MIA during covid (they were basically refusing to interact with customers over the phone, insisting on tickets which they would close randomly when they didn't feel like dealing with you despite the issue not being fixed). as a company they really don't seem to have any direction and don't care about their own product or their customers.
----------------------------------------------------------------
i wouldn't even touch these for $200 to use myself, i value my data and functionality more than this company clearly does
I ended up buying that unit based on their post, and managed to get unRaid booted up. unRaid forums have a few posts with people's experiences, and I'll probably post mine once I've had time to mess with it.
https://forum.qnap.com/viewtopic.php?t
I'm not saying it will happen to this Intel Celeron. But, be aware that if something like this happens, QNAP will completely sweep this issue under their rug, and you'll have to mend it yourself or buy another QNAP.