Skip to main content

QNAP NAS Remote Code Execution Vulnerability

Release Date: 4 Jun 2021 6242 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability was identified in QNAP NAS, a remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

    Video Station:

  • versions prior to 5.5.4 (QTS 4.5.2, QuTS hero h4.5.2, QuTScloud c4.5.4)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

    Video Station 

  • Versions 5.5.4 or above (QTS 4.5.2, QuTS hero h4.5.2, QuTScloud c4.5.4)

Vulnerability Identifier


Source


Related Link

https://www.qnap.com/en/security-advisory/qsa-21-21
https://cvepremium.circl.lu/cve/CVE-2021-28812