• Home
  • |
  • Blog
  • |
  • The List Of QNAP NAS Devices Affected By OpenSSL Infinite Loop Vulnerability- CVE-2022-0778
List of QNAP NAS Devices Affected by OpenSSL Infinite Loop Vulnerability- CVE-2022-0778

QNAP, a Taiwanese NAT manufacturer company, issued a warning on the recently disclosed OpenSSL Infinite Loop vulnerability affecting its network-attached storage (NAS) appliances. According to the vendor, successful exploitation of the vulnerability on its products would allow attackers conduct denial-of-service attacks on its vulnerable NAS products. It is highly important for all QNAP NAS users to see the list of QNAP NAS Devices affected by OpenSSL Infinite Loop Vulnerability and take action to protect their devices. 

QNAP Acknowledgement:

QNAP stated, “An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS. If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.”

List Of QNAP NAS Devices Affected By OpenSSL Infinite Loop Vulnerability:

QNAP released a list of operating system versions affected by OpenSSL Infinite Loop Vulnerability (CVE-2022-0778). 

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later
  • QuTScloud c5.0.x

How To Check QNAP NAS Devices Affected By OpenSSL Infinite Loop Vulnerability?

You need to check the QNAP NAS Firmware version to identify the vulnerable device. It is simple to check the QNAP Firmware (QTS) version on your NAS appliance.

  1. If you have the IP address of the QNAP NAS, you can directly access the login screen by typing the IP address on your favorite browser.
  2. Enter the credentials and log in to the QNAP NAS dashboard.
  3. Open on the control panel located at the left top side corner of the desktop.
  4. You will see the Firmware version at the top in the Control Panel wind.

How To Fix OpenSSL Infinite Loop Vulnerability In QNAP NAS?

QNAP is still in the process of investigation, and no mitigation or patch has been released at the time of publishing this post. We urge all QNAP NAS owners to visit their official advisory and track the updates. 

We hope this post would help you know The List of QNAP NAS Devices Affected by OpenSSL Infinite Loop Vulnerability- CVE-2022-0778. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.