QNAP: Multiple Vulnerabilities in Samba (workarounds)


Level 37
Thread author
Top Poster
Feb 4, 2016
Release date: February 10, 2022


Multiple vulnerabilities in Samba have been reported to affect QNAP NAS. If exploited, these vulnerabilities allow attackers to access sensitive information, run arbitrary commands, and impersonate existing services:
  • CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share
  • CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution
  • CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services
QNAP is thoroughly investigating the vulnerabilities. We will release security updates and provide further information as soon as possible.


Before security updates are available, to secure your QNAP NAS we recommend the following actions:
  • Disable SMB 1.
  • Deny guest access to all shared folders

Disabling SMB 1
  1. Log on to QTS or QuTS hero.
  2. Go to Control Panel > Network & File > Win/Mac/NFS/WebDAV > Microsoft Networking.
  3. Click Advanced Options.
    The Advanced Options window opens.
  4. Next to Lowest SMB version, select SMB 2 or higher
  5. Click Apply.
... ... ...
  • +Reputation
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.