QNAP NAS users locked out after firmware update snafu
Affected customers gripe about storage biz's tech support
Owners of QNAP network-attached storage (NAS) boxes are finding that a firmware update has left them unable to log into their device, and a reset doesn't seem to fix the issue.
The Taiwan-based storage biz specializes in NAS kit and offers a whole portfolio of models to address various needs. However, users are complaining of issues following a firmware release that went out to some products last week.
According to posts on the company's community forums, the update in question is QTS 5.2.2.2950, build 20241114. QTS is the firm's Linux-based operating system for its entry-level and mid-range products.
The firmware upgrade was removed for some models sometime after it was released, yet users are contiuing to gripe that QNAP has failed to disclose which models were affected by the errant update.
"I thought I had a problem with my QNAP, so I used three second reset and now I can't log in at all," one customer complained, who added they still see an error message saying: "Your login credentials are incorrect or account is no longer valid."
The user explained they have two identical TS-653D NAS servers. "Because I can no longer get to either machine, I have completely reset one by holding the reset button for 10 seconds and after two beeps released. This has been completely reset as I can see in Qfinder [QNAP's desktop tool], only I still cannot access it with 'admin' and The Cloud Key Password."
A seemingly more tech-savvy user revealed: "I have raised this with QNAP, but so far the devs/support are silent. Not even any guidance to any possible issues."
Another user said: "It is also available as an update for my TS-453D in AMIZ. But AMIZ is not able to apply it." AMIZcloud is a SaaS tool for deploying, managing, and monitoring QNAP devices.
In response to our queries, a QNAP spokesperson told us: "We recently released the QTS 5.2.2.2950 build 20241114 operating system update and received feedback from some users reporting issues with device functionality after installation.
"In response, QNAP promptly withdrew the operating system update, conducted a comprehensive investigation, and re-released a stable version of QTS 5.2.2.2950 build 20241114 within 24 hours."
- Researchers call out QNAP for dragging its heels on patch development
- QNAP vulnerability disclosure ends up an utter shambles
- DeadBolt ransomware takes another shot at QNAP storage
- Targeted ransomware takes aim at QNAP NAS drives, warns vendor: Get your updates done pronto
The firm said that only a limited number of NAS models were affected in the TS-x53D series and TS-x51 series: the HS-453DX, TBS-453DX, TS-251D, TS-253D, TS-653D, TS-453D, TS-453Dmini, TS-451D, TS-451D2. Other units running this latest version of the platform were unaffected, it claimed.
QNAP also says there are two options for any users still affected: downgrade, or contact tech support for assistance. We note, however, that one of the gripes on the customer forum was the lack of response from tech support over the problem.
It wouldn't be the first time an IT vendor has pushed out a software release that hasn't been adequately tested. Organizations all over the world were hit by a flawed update from cybersecurity vendor CrowdStrike that crashed computers and sent them into a boot loop in July, and Microsoft is a serial offender, with a recent Patch Tuesday preview causing computers to restart multiple times or become unresponsive.
QNAP also came under criticism earlier this year for being tardy in fixing vulnerabilities in multiple products that had been reported by security researchers. The latter eventually went public with warnings of the flaws after the NAS vendor had failed to issue patches more than 90 days later. ®