NAS devices affected by Zerologon flaw, QNAP warns

by Vlad Constantinescu
  • QNAP issued a warning for its customers regarding certain NAS devices' vulnerabilities to the critical Zerologon exploit.
  • Apparently, NAS devices that have been used as domain controllers might be the most vulnerable units. However, security updates are now available to fix them.

NAS device manufacturer QNAP recently issued a warning to its customers regarding certain devices’ vulnerabilities.

Reportedly, certain versions of the QTS operating system are vulnerable. Devices running those versions may therefore be exposed to attacks that target the Windows Zerologon vulnerability (CVE-2020-1472).

Zerologon allows security bypass on QNAP devices

What is Zerologon?

The CVE-2020-1472 vulnerability, also referred to as Zerologon, is a critical Windows flaw that potential attackers could exploit in an attempt to gain domain administrator privileges and consequently assume control of the whole domain.

This vulnerability was flagged as critical by the Microsoft security team and received the highest CVSS (Common Vulnerability Scoring System) score of 10.

Zerologon exploits an implementation flaw in the Netlogon protocol. The vulnerability can be exploited by sending several strings of zeros to Netlogon, which is also how the flaw got the name Zerologon.

Post-exploit, attackers can gain control of the entire domain on networks that use the Netlogon protocol by granting themselves domain administrator privileges.

QNAP domain controllers vulnerable

According to QNAP, not all NAS devices are inherently vulnerable, but ones that have been configured to run as domain controllers might be subject to Zerologon attacks.

QNAP has fixed the vulnerability in the following versions:

QTS build 20201015 and later
QTS build 20200925 and later
QTS build 20200929 and later
QTS build 20201006 and later
QTS build 20201006 and later

QNAP Security Advisories – Zerologon

Note that QES and QTS 2.x were not affected by the Zerologon vulnerability to begin with.

How to secure vulnerable QNAP NAS devices?

To curb the impact of the Zerologon vulnerability on NAS devices, QNAP recommends updating QTS and all installed applications as soon as possible.

How to install the QTS update?

  1. Log in to QTS with admin rights (you can use the NAS’s IP address or Qfinder Pro)
  2. Head over to the Control Panel
  3. Access the Firmware Update option in the System category
  4. Click Check for Update in the Live Update section

If you’re not comfortable with updating from QTS, you can also perform a manual update of your device by downloading the update files from the QNAP website.

How to update all installed applications?

  1. Log in to QTS with administrator privileges
  2. Head over to the App Center
  3. Go to the My Apps section
  4. Locate the Install Updates option and select All
  5. Confirm your selection and click OK

After doing so, QTS should apply the latest updates to all of your installed applications.
