QNAP Urges Users to Secure Devices Against Brute-Force Attacks

Network-attached storage appliance manufacturer QNAP Systems this week published an alert urging users to take the necessary steps to secure their devices against brute-force attacks.

Recognized globally for its network-attached storage (NAS) and professional network video recorder (NVR) solutions, the Taiwan-based company has long advocated for improved device security in the face of various threats.

This week’s alert, the company underlines, has been published after a growing number of users reported that their devices have been targeted in brute-force attacks.

“QNAP urges its users to take immediate action to enhance the security of their devices. These actions include using strong passwords, changing the default access port number, and disabling the admin account,” the device manufacturer says.

QNAP also reveals that users have been complaining about adversaries attempting to log into QNAP devices by trying out a broad range of possible password combinations for the identified user accounts.

“If a simple, weak, or predictable password is used (such as ‘password’ or ‘12345’) hackers can easily gain access to the device, breaching security, privacy, and confidentiality,” QNAP says.

Additional steps that users can take to ensure that their devices are not targeted include keeping them away from public networks and ensuring that no default network ports are used for public services.

Furthermore, QNAP recommends that users set complex passwords for their accounts, that password policies are enabled, and that the admin account is disabled. These steps, the company says, can improve device security and mitigate brute-force attacks.

The device manufacturer also published an FAQ to provide users with additional information on how they can detect unauthorized login attempts on their devices, and on the steps they can take to prevent hackers from accessing the targeted device.

All users should remember that the use of weak passwords can render any device vulnerable to brute-force attacks, not only QNAP products. To prevent the use of common passwords, some tech companies have adopted policies that force users to choose stronger protections for their accounts.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
