The List Of QNAP NAS Devices Affected By OpenSSL Infinite Loop Vulnerability- CVE-2022-0778


QNAP, a Taiwanese NAT manufacturer company, issued a warning on the recently disclosed OpenSSL Infinite Loop vulnerability affecting its network-attached storage (NAS) appliances. According to the vendor, successful exploitation of the vulnerability on its products would allow attackers conduct denial-of-service attacks on its vulnerable NAS products. It is highly important for all QNAP NAS users to see the list of QNAP NAS Devices affected by OpenSSL Infinite Loop Vulnerability and take action to protect their devices. 

QNAP Acknowledgement:

QNAP stated, “An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS. If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.”

List Of QNAP NAS Devices Affected By OpenSSL Infinite Loop Vulnerability:

QNAP released a list of operating system versions affected by OpenSSL Infinite Loop Vulnerability (CVE-2022-0778). 

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later
  • QuTScloud c5.0.x

How To Check QNAP NAS Devices Affected By OpenSSL Infinite Loop Vulnerability?

You need to check the QNAP NAS Firmware version to identify the vulnerable device. It is simple to check the QNAP Firmware (QTS) version on your NAS appliance.

  1. If you have the IP address of the QNAP NAS, you can directly access the login screen by typing the IP address on your favorite browser.
  2. Enter the credentials and log in to the QNAP NAS dashboard.
  3. Open on the control panel located at the left top side corner of the desktop.
  4. You will see the Firmware version at the top in the Control Panel wind.
See also  Security Logging and Monitoring – The #9 Web Application Security Risk

How To Fix OpenSSL Infinite Loop Vulnerability In QNAP NAS?

QNAP is still in the process of investigation, and no mitigation or patch has been released at the time of publishing this post. We urge all QNAP NAS owners to visit their official advisory and track the updates. 

Leave a Reply

Your email address will not be published. Required fields are marked *