Skip to main content

QNAP Product Information Disclosure Vulnerability

Release Date: 31 Dec 2021 3367 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in QNAP Products. A remote user can exploit this vulnerability to trigger sensitive information disclosure on the targeted system.


  • Information Disclosure

System / Technologies affected

  • QTS before build 20210910 
  • QuTS hero h4.5.4.1771 before build 20210825
  • QuTScloud before c4.5.7.1864


Before installation of the software, please visit the vendor web-site for more details.


  • Apply fixes issued by the vendor:
    • QTS build 20210910 and later
    • QuTS hero h4.5.4.1771 build 20210825 and later
    • QuTScloud c4.5.7.1864 and later


Updating QTS, QuTS hero, or QuTScloud

  1. Log on to QTS, QuTS hero, or QuTScloud as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS, QuTS hero, or QuTScloud downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Vulnerability Identifier


Related Link