- Hackers are actively exploiting a vulnerability in QNAP VioStor NVR (network video recorder) devices to deploy the Mirai malware, according to security researchers at Akamai.
- The vulnerability, tracked as CVE-2023-47565 and rated as “High” severity with a CVSS v3 score of 8.0, allows unauthorized access to video recordings, playback and remote data.
- Threat actors are primarily targeting older devices with versions 5.0.0 and earlier, using the device’s default credentials in the current configuration.
- QNAP recommends updating VioStor firmware on unsupported devices and changing default passwords to mitigate the risk.
- Security experts stress the importance of robust IoT practices, maintaining up to date software and implementing strong, unique passwords for all user accounts.
Cybersecurity researchers have recently identified that hackers are exploiting QNAP devices, specifically QNAP VioStor NVRs, as they frequently have known vulnerabilities or misconfigurations. Besides being an easy target, these devices often store valuable data, making them appealing for threat actors looking to compromise sensitive information or deploy malware and ransomware.
This particular vulnerability allows an authenticated attacker to exploit the OS command injection via a POST request to the devices’ management interface. It tends to rely on weak default credentials, making older or unsupported devices vulnerable to potential botnet infections.
As part of their investigation, researchers collaboratively worked with US-CERT and QNAP, confirming that the exploit primarily targets retired VioStor versions – specifically, those are 5.0.0 or earlier. The exploitation is done through a POST request to /cgi-bin/server/server.cgi, taking advantage of a remote code execution vulnerability.
These findings underline a pressing issue with legacy systems, which often serve as breeding grounds for new vulnerabilities. It highlights the need for better IoT practices, including the implementation of more robust security measures and longer software support. This is crucial not just for manufacturers but also for consumers who need to cultivate an awareness for system safety.
To mitigate existing vulnerabilities, security analysts recommend implementing strong passwords for all user accounts, keeping the QVR updated to the latest version, and implementing robust security policies and solutions.