Security Alert (A23-08-16): Multiple Vulnerabilities in QNAP Products


 

Published on: 25 August 2023

  
  

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The details of security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-58
https://www.qnap.com/en/security-advisory/QSA-23-59
https://www.qnap.com/en/security-advisory/QSA-23-60

 

Affected Systems:

  • QNAP NAS devices running QTS operating system versions prior to 4.5.4.2467 build 20230718, 5.0.1.2425 build 20230609, 5.1.0.2444 build 20230629
  • QNAP NAS devices running QuTS hero operating system versions prior to h4.5.4.2476 build 20230728, h5.1.0.2424 build 20230609

For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to information disclosure or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/en/security-advisory/QSA-23-58
  • https://www.qnap.com/en/security-advisory/QSA-23-59
  • https://www.qnap.com/en/security-advisory/QSA-23-60
  • https://www.hkcert.org/security-bulletin/qnap-nas-multiple-vulnerabilities_20230825
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34971 (to CVE-2023-34973)


Tag: QNAP , QTS , QuTS hero
Tags