Just received from QNAP…
- Release date: May 14, 2021
- Security ID: QSA-21-17
- Affected products: QNAP NAS running Roon Server
- Status: Investigating
The QNAP security team has detected an attack campaign in the wild related to a vulnerability in Roon Server. QNAP NAS running the following versions of Roon Server may be susceptible to attack:
- Roon Server 2021-02-01 and earlier
We have already notified Roon Labs of the issue and are thoroughly investigating the case. We will release security updates and provide further information as soon as possible.
QNAP recommends users not to expose their NAS to the internet. Before a security update is available from Roon Labs, we also recommend disabling Roon Server to prevent potential attacks.
- Log on to QTS as administrator.
- Open the App Center and then click .
A search box appears.
- Type “Roon Server” and then press ENTER.
Roon Server appears in the search results.
- Click the arrow below the Roon Server icon.
- Select Stop.
The application is disabled.