QNAP NAS Multiple Vulnerabilities

Release Date: 13 Sep 2021 4786 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities were identified in QNAP NAS, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass

System / Technologies affected

  • NVR Storage Expansion version prior to 1.0.6 (2021/08/03)
  • QGD-1600P: QuNetSwitch version prior to 1.0.6.1509
  • QGD-1602P: QuNetSwitch version prior to 1.0.6.1509
  • QGD-3014PT: QuNetSwitch version prior to 1.0.6.1519
  • QSW-M2116P-2T2S 1.0.6 build prior to 210713
  • QTS 4.3.3.1693 build prior to 20210624
  • QTS 4.3.6.1750 build prior to 20210730
  • QTS 4.3.6: QUSBCam2 version prior to 1.1.4 ( 2021/07/30 )
  • QTS 4.5.4.1715 build prior to 20210630
  • QTS 4.5.4: QUSBCam2 version prior to 1.1.4 (2021/07/30)
  • QTS 5.0.0.1716 build prior to 20210701
  • QuTS hero h4.5.3: QUSBCam2 version prior to 1.1.4 (2021/07/30)
  • QuTS hero h4.5.4.1771 build prior to 20210825
  • QuTScloud c4.5.6.1755 build prior to 20210809
  • QuTScloud version prior to c4.5.6.1755

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

  • Apply fixes issued by the vendor:
    NVR Storage Expansion 1.0.6 (2021/08/03) and later
    QGD-1600P: QuNetSwitch 1.0.6.1509 and later
    QGD-1602P: QuNetSwitch 1.0.6.1509 and later
    QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
    QSW-M2116P-2T2S 1.0.6 build 210713 and later
    QTS 4.3.3.1693 build 20210624 and later
    QTS 4.3.6.1750 build 20210730 and later
    QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later
    QTS 4.5.4.1715 build 20210630 and later
    QTS 4.5.4: QUSBCam2 1.1.4 (2021/07/30) and later
    QTS 5.0.0.1716 build 20210701 and later
    QuTS hero h4.5.3: QUSBCam2 1.1.4 (2021/07/30) and later
    QuTS hero h4.5.4.1771 build 20210825 and later
    QuTScloud c4.5.6.1755 and later
    QuTScloud c4.5.6.1755 build 20210809 and later

 

 

Updating QTS, QuTS hero, or QuTScloud

  1. Log on to QTS, QuTS hero, or QuTScloud as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS, QuTS hero, or QuTScloud downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

 

 

 

Updating QUSBCam2, NVR Storage Expansion, or QuNetSwitch

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “QUSBCam2”, "NVR Storage Expansion", or "QuNetSwitch" and then press ENTER.
    QUSBCam2, NVR Storage Expansion, or QuNetSwitch appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your QUSBCam2, NVR Storage Expansion, or QuNetSwitch is already up to date.
  5. Click OK.
    The application is updated.

Vulnerability Identifier

Source

Related Link

Related Tags

QNAPRemote Code ExecutionInformation DisclosureSecurity Restriction Bypass

Share with

Previous

WordPress Multiple Vulnerabilities

13 Sep 2021 4519 Views

Next

Google Chrome Multiple Vulnerabilities

14 Sep 2021 6219 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY