QNAP NAS 多個漏洞

影響

• 遠端執行程式碼
• 阻斷服務
• 資料洩露
• 篡改
• 繞過保安限制
• 仿冒

受影響之系統或技術

• File Station 5 version 5.5.x
• HBS 3 Hybrid Backup Sync 25.1.x
• Helpdesk 3.3.x
• Qfinder Pro for Mac 7.11.x
• Qsync Client for Mac 5.1.x
• QTS 4.5.x
• QTS 5.1.x
• QTS 5.2.x
• QuLog Center 1.7.x
• QuLog Center 1.8.x
• QuRouter 2.4.x
• QuTS hero h4.5.x
• QuTS hero h5.1.x
• QuTS hero h5.2.x
• QuTS hero h5.x
• QVPN Device Client for Mac 2.2.x

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝供應商提供的修補程式：

• https://www.qnap.com/en/security-advisory/qsa-24-51
• https://www.qnap.com/en/security-advisory/qsa-24-53
• https://www.qnap.com/en/security-advisory/qsa-24-52
• https://www.qnap.com/en/security-advisory/qsa-24-54
• https://www.qnap.com/en/security-advisory/qsa-24-55
• https://www.qnap.com/en/security-advisory/qsa-25-01
• https://www.qnap.com/en/security-advisory/qsa-25-03
• https://www.qnap.com/en/security-advisory/qsa-25-05
• https://www.qnap.com/en/security-advisory/qsa-25-06
• https://www.qnap.com/en/security-advisory/qsa-25-07

漏洞識別碼

• CVE-2024-13086
• CVE-2024-38638
• CVE-2024-48864
• CVE-2024-50390
• CVE-2024-50394
• CVE-2024-50405
• CVE-2024-53692
• CVE-2024-53693
• CVE-2024-53694
• CVE-2024-53695
• CVE-2024-53696
• CVE-2024-53697
• CVE-2024-53698
• CVE-2024-53699
• CVE-2024-53700

資料來源

• QNAP

相關連結

• https://www.qnap.com/en/security-advisory/qsa-24-51
• https://www.qnap.com/en/security-advisory/qsa-24-53
• https://www.qnap.com/en/security-advisory/qsa-24-52
• https://www.qnap.com/en/security-advisory/qsa-24-54
• https://www.qnap.com/en/security-advisory/qsa-24-55
• https://www.qnap.com/en/security-advisory/qsa-25-01
• https://www.qnap.com/en/security-advisory/qsa-25-03
• https://www.qnap.com/en/security-advisory/qsa-25-05
• https://www.qnap.com/en/security-advisory/qsa-25-06
• https://www.qnap.com/en/security-advisory/qsa-25-07