Vulnerability in qbittorrent on TNAS TOS 6.0.650
Posted: 01 Jun 2025, 17:17
On May 31st, the following two processes were started on my TNAS through what I can only assume to be a vulnerability in qbittorrent:
Open ports:
The exe entries in /proc were pointing to deleted files in /tmp/
After stopping qbittorrent, these processes persisted of course. Due to the amount of CPU usage I suspect these were crypto miners. Needless to say, I am not at all happy about this, especially considering that all relevant updates have been applied. I am running TOS 6.0.650, the update notification for TOS 6.0.694 just popped up as I was writing this.
EDIT: Ok so, the TNAS qbittorrent version is so ancient, there's not even any point in raising a bug in their github. qbittorrent should be withdrawn from the store immediately, until it is updated.
Code: Select all
qbittor+ 2529723 252 14.5 2451080 2349244 ? Ssl May31 4456:33 ./gFjke
qbittor+ 2529748 251 14.6 2451064 2353448 ? Ssl May31 4438:19 ./8Lq3Code: Select all
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25257 0.0.0.0:* LISTEN 2529723/./gFjke
tcp 0 0 192.168.178.20:25257 0.0.0.0:* LISTEN 2529723/./gFjke
tcp6 0 0 ::1:25257 :::* LISTEN 2529723/./gFjke
tcp6 0 0 fe80::69df:a02f:c:25257 :::* LISTEN 2529723/./gFjke
udp 0 0 0.0.0.0:6771 0.0.0.0:* 2529723/./gFjke
udp 0 0 0.0.0.0:6771 0.0.0.0:* 2529723/./gFjke
udp 5120 0 192.168.178.20:25257 0.0.0.0:* 2529723/./gFjke
udp 0 0 127.0.0.1:25257 0.0.0.0:* 2529723/./gFjke
udp 0 0 0.0.0.0:1701 0.0.0.0:* 2368/xl2tpd
udp 0 0 192.168.178.20:1900 0.0.0.0:* 2529723/./gFjke
udp 0 0 192.168.178.20:60917 0.0.0.0:* 2529723/./gFjke
udp 0 0 192.168.178.20:53097 0.0.0.0:* 2529723/./gFjke
udp6 0 0 :::6771 :::* 2529723/./gFjke
udp6 0 0 :::6771 :::* 2529723/./gFjke
udp6 0 0 fe80::69df:a02f:c:25257 :::* 2529723/./gFjke
udp6 0 0 ::1:25257 :::* 2529723/./gFjke
After stopping qbittorrent, these processes persisted of course. Due to the amount of CPU usage I suspect these were crypto miners. Needless to say, I am not at all happy about this, especially considering that all relevant updates have been applied. I am running TOS 6.0.650, the update notification for TOS 6.0.694 just popped up as I was writing this.
EDIT: Ok so, the TNAS qbittorrent version is so ancient, there's not even any point in raising a bug in their github. qbittorrent should be withdrawn from the store immediately, until it is updated.