Qihoo 360's Network Security Research Lab reports a widening campaign targeting over 100 models used by 4.3 million QNAP NAS devices. Over 100 models of the company’s NAS devices are affected by two critical firmware bugs on systems that have not yet been patched. The bugs affect versions of the Helpdesk firmware prior to 3.0.3. One bug, tracked as CVE-2020-2506, is an improper-access-control vulnerability that allows attackers to escalate privileges on the device or read sensitive information.
Source: https://threatpost.com/miner-campaign-targets-unpatched-qnap-nas/164580/

