Zerologon now affects NAS devices

According to NAS manufacturer QNAP, some network attached storage (NAS) devices may be vulnerable to the Windows Zerologon vulnerability. Attackers could take advantage of the bug to bypass security measures remotely. NAS devices running a vulnerable version of the QTS operating system are considered at risk.

In addition, NAS devices must be configured as Windows domain controllers in order for them to be exploited by a threat actor. While this is not particularly common, IT managers may choose to use NAS devices to configure user accounts and security. Hence this is possible.

Source link :