Skip to main content

QNAP NAS Remote Code Execution Vulnerabilities

Release Date: 14 Feb 2024 3496 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • QTS version prior to 5.1.0.2444 build 20230629
  • QTS version prior to 5.0.1.2145 build 20220903
  • QTS version prior to 5.0.0.1986 build 20220324
  • QTS version prior to 4.5.4.2012 build 20220419
  • QTS version prior to 4.3.6.2665 build 20240131
  • QTS version prior to 4.3.4.2675 build 20240131
  • QTS version prior to 4.3.3.2644 build 20240131
  • QTS version prior to 4.2.6 build 20240131
  • QuTS hero version prior to h5.1.0.2466 build 20230721
  • QuTS hero version prior to h5.0.1.2192 build 20221020
  • QuTS hero version prior to h5.0.0.1986 build 20220324
  • QuTS hero version prior to h4.5.4.1991 build 20220330

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link