Description:
QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-31
https://www.qnap.com/en/security-advisory/QSA-23-35
https://www.qnap.com/en/security-advisory/QSA-23-51
Affected Systems:
- QNAP NAS devices running QTS operating system versions prior to 4.2.6 build 20230621, 4.3.3.2420 build 20230621, 4.3.4.2451 build 20230621, 4.3.6.2441 build 20230621, 4.5.4.2374 build 20230416, 5.0.1.2514 build 20230906, 5.1.1.2491 build 20230815
- QNAP NAS devices running QuTS hero operating system versions prior to h4.5.4.2374 build 20230417, h5.0.1.2515 build 20230907, h5.1.1.2488 build 20230812
- QNAP NAS devices running QuTScloud versions prior to c5.1.0.2498
For detailed information on the affected products, please refer to the corresponding security advisories on the vendor's website.
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution or information disclosure on an affected system.
Recommendation:
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
More Information:
- https://www.qnap.com/en/security-advisory/QSA-23-31
- https://www.qnap.com/en/security-advisory/QSA-23-35
- https://www.qnap.com/en/security-advisory/QSA-23-51
- https://www.hkcert.org/security-bulletin/qnap-nas-remote-code-execution-vulnerability_20231106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23368 (to CVE-2023-23369)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39301