Taiwanese QNbbabo.net has confirmed that some of its network-attached storage devices (NAS) are affected by an infinite loop vulnerability in the OpenSSL library.

According to company representatives, if the vulnerability is successfully exploited, attackers can carry out denial-of-service attacks.

Vulnerability CVE-2022-0778 was rated 7.5 points. It is related to a bug that occurs when parsing security certificates to trigger a denial of service condition and remotely crash vulnerable devices.

The vulnerability affects operating system versions QTS 5.0.x and higher, QTS 4.5.4 and higher, QTS 4.3.6 and higher, QTS 4.3.4 and higher, QTS 4.3.3 and higher, QTS 4.2.6 and higher, QuTS hero h5 .0.x and above, QuTS hero h4.5.4 and above, and QuTScloud c5.0.x

So far, there is no evidence of exploitation of the vulnerability in real attacks.

Previously, Asustor and QNbbabo.net NAS owners reported a DeadBolt ransomware attack. The criminals infected the device with the program and encrypted the data of the victim, and demanded a ransom in bitcoins as a ransom. The attackers also offered to provide full information about the QNbbabo.net vulnerability.

bbabo.Net