Security Alert (A24-01-04): Multiple Vulnerabilities in QNAP Products


 

Published on: 08 January 2024

  
  

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-22
https://www.qnap.com/en/security-advisory/QSA-23-23
https://www.qnap.com/en/security-advisory/QSA-23-27
https://www.qnap.com/en/security-advisory/QSA-23-32
https://www.qnap.com/en/security-advisory/QSA-23-34
https://www.qnap.com/en/security-advisory/QSA-23-54
https://www.qnap.com/en/security-advisory/QSA-23-55
https://www.qnap.com/en/security-advisory/QSA-23-64

 

Affected Systems:

  • QNAP NAS devices running QTS operating system versions prior to 5.1.4.2596 build 20231128
  • QNAP NAS devices running QuTS hero operating system versions prior to h5.1.4.2596 build 20231128
  • QNAP NAS devices running QcalAgent versions prior to 1.1.8
  • QNAP NAS devices running QuMagie versions prior to 2.2.1
  • QNAP NAS devices running Video Station versions prior to 5.7.2 (2023/11/23)

For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution or denial of service on an affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/en/security-advisory/QSA-23-22
  • https://www.qnap.com/en/security-advisory/QSA-23-23
  • https://www.qnap.com/en/security-advisory/QSA-23-27
  • https://www.qnap.com/en/security-advisory/QSA-23-32
  • https://www.qnap.com/en/security-advisory/QSA-23-34
  • https://www.qnap.com/en/security-advisory/QSA-23-54
  • https://www.qnap.com/en/security-advisory/QSA-23-55
  • https://www.qnap.com/en/security-advisory/QSA-23-64
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43634
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39294
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39296
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41287 (to CVE-2023-41289)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45039 (to CVE-2023-45044)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47219
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47559 (to CVE-2023-47560)


Tag: NAS , QTS , QuTS hero , QcalAgent , QuMagie , Video Station
Tags