QNAP has announced that the older devices of the company will be receiving additional support even if they reach an end-of-life status. This decision was made as threat actors constantly aim network storage devices over the last months. QNAP devices were aimed with Qlocker and eCh0raix ransomware at separate times.
EOL devices will get updates until October 2022
The devices which are declared reaching end-of-life status have limited hardware capabilities. As a product reaches EOL, the manufacturer recommends upgrading to a newer product mostly because hardware restrictions will make it impossible to keep the software fully updated; including security.
Do not expose EOL NAS products to the internet, and disable UPnP / port forwarding functions
QNAP states that the company maintains the products for four years with security patches after it reaches EOL. However, because of the current security threats in the wild, the company will deliver more security patches for some of its EOL devices. Those security updates will be addressing only high-severity and critical vulnerabilities. It means your EOL devices that aren’t even getting security updates anymore, will not be fully secured with those extended support programs until October.
The company urges the users of EOL QNAP products not to expose them to the internet. QNAP also suggested disabling port forwarding and UPnP functions on the older devices for security reasons.