QNAP NAS Multiple Vulnerabilities
Release Date:
5 Jul 2021
4081
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution and cross-site scripting on the targeted system.
Impact
- Remote Code Execution
- Cross-Site Scripting
System / Technologies affected
- QuLog Center versions prior to 1.2.0
- Q'center versions prior to 1.11.1004
- QTS 4.5.1.1540 build prior to 20210107
- QTS 4.5.2.1566 build prior to 20210202
- QTS 4.5.3.1652 build prior to 20210428
- QuTS hero h4.5.1.1582 build prior to 20210217
- QuTS hero h4.5.2.1638 build prior to 20210414
- QuTS hero h4.5.3.1670 build prior to 20210515
- QuTScloud c4.5.5.1656 build prior to 20210503
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.qnap.com/en/security-advisory/qsa-21-09
- https://www.qnap.com/en/security-advisory/qsa-21-29
- https://www.qnap.com/en/security-advisory/qsa-21-30
- https://www.qnap.com/en/security-advisory/qsa-21-31
- https://www.qnap.com/en/security-advisory/qsa-21-32
Vulnerability Identifier
- CVE-2020-25684
- CVE-2020-25685
- CVE-2020-25686
- CVE-2020-36194
- CVE-2020-36196
- CVE-2021-28802
- CVE-2021-28803
- CVE-2021-28804
Source
Related Link
- https://www.securitywizardry.com/the-radar-page/alert-details#alerts
- https://www.qnap.com/en/security-advisory/qsa-21-09
- https://www.qnap.com/en/security-advisory/qsa-21-29
- https://www.qnap.com/en/security-advisory/qsa-21-30
- https://www.qnap.com/en/security-advisory/qsa-21-31
- https://www.qnap.com/en/security-advisory/qsa-21-32
Related Tags
Share with