{"id":40284,"date":"2021-04-02T23:07:48","date_gmt":"2021-04-02T23:07:48","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/"},"modified":"2021-04-02T23:07:48","modified_gmt":"2021-04-02T23:07:48","slug":"qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/","title":{"rendered":"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed"},"content":{"rendered":"<p>Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.<\/p>\n<p>The vulnerabilities were made known to the Taiwan-based company on October 12, 2020, and on November 29, 2020, by SAM Seamless Network, a connected home security firm. They were found in the <a href=\"https:\/\/www.qnap.com\/en-us\/product\/ts-231+\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">QNAP TS-231<\/a>&#8216;s latest firmware, version 4.3.6.1446, which SAM claims was released on September 29, 2020, and QNAP&#8217;s website list as October 7, 2020 \u2013 which may represent different build numbers.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",button,mpu,\" data-sm=\",button,mpu,\" data-md=\",button,banner_plus,mpu\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;We reported both vulnerabilities to QNAP with a four-month grace period to fix them,&#8221; said Yaniv Puyeski, an embedded software security researcher at SAM, in a <a href=\"https:\/\/securingsam.com\/new-vulnerabilities-allow-complete-takeover\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">blog post<\/a> on Wednesday. &#8220;Unfortunately, as of the publishing of this article, the vulnerabilities have not yet been fixed.&#8221;<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/05\/04\/malware_shutterstock.jpg?x=174&amp;amp;y=115&amp;amp;crop=1\" width=\"174\" height=\"115\" alt=\"malware\"><\/p>\n<h2 title=\"If you're still using a vulnerable box, you ought to factory reset it before patching\">Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections<\/h2>\n<p><a href=\"https:\/\/www.theregister.com\/2020\/07\/27\/qnap_qsnatch_advisory\/\"><span>READ MORE<\/span><\/a><\/div>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",button,mpu_plusplus,\" data-sm=\",button,mpu_plusplus,\" data-md=\",button,mpu_plusplus,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>On Thursday, however, QNAP released <a href=\"https:\/\/www.qnap.com\/en\/download?model=ts-231&amp;category=firmware\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">TS-231 firmware version 4.3.6.1620<\/a>, which addresses a command injection vulnerability (CVE-2020-2509) and a vulnerability in Apache HTTP server (CVE-2020-9490). The release notes also say that support for &#8220;Wi-Fi ad-hoc mode&#8221; has been removed due to security concerns.<\/p>\n<p>The command injection flaw (CVE-2020-2509) is one of the vulnerabilities SAM reported.<\/p>\n<p>The other, <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/threatpost.com\/qnap-nas-devices-zero-day-attack\/165165\/\">according<\/a> to ThreatPost, has been designated CVE-2021-36195, which is not cited in QNAP&#8217;s release notes.<\/p>\n<p>It seems current, non-legacy hardware running firmware prior to QTS 4.5.2.1566 (build 20210202) and QTS 4.5.1.1495 (build 20201123) may also be vulnerable to the remote code execution bug and should be patched with QTS <a href=\"https:\/\/us1.qnap.com\/Storage\/TS-X72\/TS-X72_20210202-4.5.2.1566.zip\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">4.5.2.1566<\/a> (ZIP) or QTS <a href=\"https:\/\/us1.qnap.com\/Storage\/TS-X72\/TS-X72_20201123-4.5.1.1495.zip\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">4.5.1.1495<\/a> (ZIP), as applicable.<\/p>\n<p>The two vulnerabilities were found in the NAS web server and the DLNA (Digital Living Network Alliance) server, respectively, according to Puyeski, who said SAM has withheld details about the vulnerabilities because there are tens of thousands of QNAP devices exposed to the internet.<\/p>\n<p>The NAS web server bug was identified by fuzzing \u2013 injecting data programmatically \u2013 various cgi files, based on past observations that QNAP NAS devices have implemented web pages that don&#8217;t require authentication and execute server-side code. The security firm&#8217;s researchers found they could trigger remote code execution indirectly, by inducing certain behavior in other processes.<\/p>\n<p>Resolving the NAS bug is a matter of &#8220;adding input sanitizations to some core processes and library APIs,&#8221; said Puyeski.<\/p>\n<p>The issue with the DLNA server, which handles UPNP requests on port 8200 via the process <code>myupnpmediasvr<\/code>, is that a remote attacker can use the server to write an arbitrary file.<\/p>\n<p>ThreatPost claims this flaw is addressed in an updated version of QNAP&#8217;s media server app, <a href=\"https:\/\/www.qnap.com\/en\/app_center\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Multimedia Console 1.3.4<\/a>, though the update makes no mention of any security fixes.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",button,dbutton,mpu_plus,dmpu,\" data-sm=\",button,dbutton,mpu_plus,dmpu,\" data-md=\",button,dbutton,mpu_plus,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>QNAP did not immediately respond to a request for comment. SAM also did not respond to our inquiry. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/04\/02\/qnap_bug_nas\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remote code execution hole, arbitrary file writing flaw could make a mess of stored files Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-40284","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>QNAP caught napping as disclosure delay expires, critical NAS bugs revealed 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-02T23:07:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed\",\"datePublished\":\"2021-04-02T23:07:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/\"},\"wordCount\":464,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/\",\"name\":\"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-04-02T23:07:48+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/","og_locale":"en_US","og_type":"article","og_title":"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-04-02T23:07:48+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed","datePublished":"2021-04-02T23:07:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/"},"wordCount":464,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/","url":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/","name":"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-04-02T23:07:48+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YGfTcGnLBdwJBkqjulRjggAAANM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/qnap-caught-napping-as-disclosure-delay-expires-critical-nas-bugs-revealed\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"QNAP caught napping as disclosure delay expires, critical NAS bugs revealed"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40284"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40284\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}