Attackers could target Qnap network storage (NAS) and, if an attack succeeds, execute malicious code. Security patches close the holes.
An XSS vulnerability (CVE-2021-28812), rated "high" in a security advisory, could let attackers' code onto systems. Video Station from version 5.5.4 on the operating systems QTS 4.5.2, QuTS hero h4.5.2 and QuTScloud c4.5.4 is protected. According to Qnap, QTS 4.3.3 with Video Station 5.1.6 and QTS 4.3.6 with Video Station 5.3.11 are not affected.
The administration tool Q'center also contains an XSS vulnerability rated "high" (CVE-2021-28807). Here too, malicious code could find its way onto NAS systems. The following versions are protected against it. Applications can be updated in the App Center.
- QTS 4.5.3: Q'center v1.12.1012
- QTS 4.3.6: Q'center v1.10.1004
- QTS 4.3.3: Q'center v1.10.1004
- QuTS hero h4.5.2: from Q'center v1.12.1012
- QuTScloud c4.5.4: from Q'center v1.12.1012
Another XSS vulnerability (CVE-2021-28806, "medium") affects QTS and QuTS hero directly. NAS owners should check in the settings under System that they have the latest firmware installed: QTS 184.108.40.2062 build 20210428, QuTS hero h220.127.116.118 build 20210414 or QuTScloud c18.104.22.1686 build 20210503. QTS 4.3.6 and QTS 4.3.3 should not be affected.