QNAP NAS Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
- Remote Code Execution
- Information Disclosure
- Security Restriction Bypass
System / Technologies affected
- NVR Storage Expansion version prior to 1.0.6 (2021/08/03)
- QGD-1600P: QuNetSwitch version prior to 188.8.131.529
- QGD-1602P: QuNetSwitch version prior to 184.108.40.2069
- QGD-3014PT: QuNetSwitch version prior to 220.127.116.119
- QSW-M2116P-2T2S 1.0.6 build prior to 210713
- QTS 18.104.22.1683 build prior to 20210624
- QTS 22.214.171.1240 build prior to 20210730
- QTS 4.3.6: QUSBCam2 version prior to 1.1.4 ( 2021/07/30 )
- QTS 126.96.36.1995 build prior to 20210630
- QTS 4.5.4: QUSBCam2 version prior to 1.1.4 (2021/07/30)
- QTS 188.8.131.526 build prior to 20210701
- QuTS hero h4.5.3: QUSBCam2 version prior to 1.1.4 (2021/07/30)
- QuTS hero h184.108.40.2061 build prior to 20210825
- QuTScloud c220.127.116.115 build prior to 20210809
- QuTScloud version prior to c18.104.22.1685
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
NVR Storage Expansion 1.0.6 (2021/08/03) and later
QGD-1600P: QuNetSwitch 22.214.171.1249 and later
QGD-1602P: QuNetSwitch 126.96.36.1999 and later
QGD-3014PT: QuNetSwitch 188.8.131.529 and later
QSW-M2116P-2T2S 1.0.6 build 210713 and later
QTS 184.108.40.2063 build 20210624 and later
QTS 220.127.116.110 build 20210730 and later
QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later
QTS 18.104.22.1685 build 20210630 and later
QTS 4.5.4: QUSBCam2 1.1.4 (2021/07/30) and later
QTS 22.214.171.1246 build 20210701 and later
QuTS hero h4.5.3: QUSBCam2 1.1.4 (2021/07/30) and later
QuTS hero h126.96.36.1991 build 20210825 and later
QuTScloud c188.8.131.525 and later
QuTScloud c184.108.40.2065 build 20210809 and later
Updating QTS, QuTS hero, or QuTScloud
- Log on to QTS, QuTS hero, or QuTScloud as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS, QuTS hero, or QuTScloud downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.
Updating QUSBCam2, NVR Storage Expansion, or QuNetSwitch
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click .
A search box appears.
- Type “QUSBCam2”, "NVR Storage Expansion", or "QuNetSwitch" and then press ENTER.
QUSBCam2, NVR Storage Expansion, or QuNetSwitch appears in the search results.
- Click Update.
A confirmation message appears.
Note: The Update button is not available if your QUSBCam2, NVR Storage Expansion, or QuNetSwitch is already up to date.
- Click OK.
The application is updated.