QNAP NAS Remote Code Execution Vulnerability

Last Update Date: 12 Sep 2017 09:44 Release Date: 12 Sep 2017 3391 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability was identified in QNAP NAS with the Media Streaming Add-On installed. A user may gain access to the NAS and execute a malicious code without requiring any privileges.

Impact

  • Remote Code Execution

System / Technologies affected

  • All QNAP NAS currently or previously installed with the Media Streaming Add-On

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Install QTS 4.2.6 build 20170905 or QTS 4.3.3.0262 build 20170727
  • Then update the Media Streaming Add-on:
    QTS 4.3.x: Media Streaming Add-On 430.1.4.1 or later
    QTS 4.2.x: Media Streaming Add-On 421.1.1.1 or later

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apache Struts 2 Remote Code Execution Vulnerability

11 Sep 2017 3692 Views

Next

Microsoft Monthly Security Update (Sep 2017)

13 Sep 2017 4345 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY