Critical security updates for Qnap network storage

    Spread the love

    Attackers may assault Qnap community storage (NAS) and, if an assault is profitable, execute malicious code. Safety patches shut the loopholes.

    One in a warning message with the risk degree “excessive“categorized XSS vulnerability (CVE-2021-28812) may depart code of attackers on methods Video Station from model 5.5.4 underneath the working methods QTS 4.5.2, QuTS hero h4.5.2 and QuTScloud c4.5.4. Based on Qnap, QTS 4.3.Three with Video Station 5.1.6 and QTS 4.3.6 with Video Station 5.3.11 will not be affected.

    Within the administration device Q’heart there’s additionally a with “excessive“categorized XSS vulnerability (CVE-2021-28807). Right here too, malicious code may discover its method onto NAS methods. The next variations are protected in opposition to this. Purposes will be up to date within the App Middle.

    • QTS 4.5.3, the Q’heart v1.12.1012
    • QTS 4.3.6, the Q’heart v1.10.1004
    • QTS 4.3.3: the Q’heart v1.10.1004
    • QuTS Held h4.5.2: from Q’heart v1.12.1012
    • QuTScloud c4.5.4: from Q’heart v1.12.1012

    One other XSS vulnerability (CVE-2021-28806, “medium“) impacts QTS and QuTS hero instantly. NAS homeowners ought to ensure that they’ve the newest firmware within the settings underneath System QTS Construct 20210428, QuTS hero h4.5.2.1638 construct 20210414 or QuTScloud c4.5.5.1656 Construct 20210503 put in. QTS 4.3.6 and QTS 4.3.Three shouldn’t be affected.




    Please enter your comment!
    Please enter your name here