QNAP Products Multiple Vulnerabilities
Release Date: 24 Dec 2020 2236 Views
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP Products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, disclose sensitive information, cross-site scripting and bypass security restriction on the targeted system.
- Cross-Site Scripting
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- QES version prior to 2.1.1 Build 20200515
- QTS version prior to 22.214.171.1245 build 20201123
- QuTS hero version prior to h126.96.36.1991 build 20201119
This issue does not affect QTS 4.3.x or QTS 4.2.x.
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor: