Summary
QNAP security updates address 19 vulnerabilities, including 1 critical and 7 high-severity vulnerabilities, across multiple products.
Risk
Vulnerability community impact estimate: MEDIUM/YELLOW (62.31/100) [1].
Type
- Arbitrary Code Execution
Products and Versions
QNAP
- QTS 5.1.x
- QTS 4.5.x
- QTS 4.3.x
- QTS 4.2.x
- QuTS hero h5.1.x
- QuTS hero h4.5.x
- Video Station 5.x
- QuLog Center 1.8.x
- QuLog Center 1.7.x
Mitigation Actions
In line with vendor statements, it is recommended to update the affected products by following the instructions in the security bulletins listed in the References section.
Unique Vulnerability Identifiers
The following are the CVEs related to the vulnerabilities with severity “critical” and “high”:
References
https://www.qnap.com/it-it/security-advisory/qsa-24-24
https://www.qnap.com/it-it/security-advisory/qsa-24-33
https://www.qnap.com/it-it/security-advisory/qsa-24-26
https://www.qnap.com/it-it/security-advisory/qsa-24-27
https://www.qnap.com/it-it/security-advisory/qsa-24-30
https://www.qnap.com/it-it/security-advisory/qsa-24-32
https://www.qnap.com/it-it/security-advisories
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.