Skip to main content

QNAP Products Multiple Vulnerabilities

Release Date: 24 Dec 2020 1086 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities were identified in QNAP Products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, disclose sensitive information, cross-site scripting and bypass security restriction on the targeted system.


Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • QES version prior to 2.1.1 Build 20200515
  • QTS version prior to 4.5.1.1495 build 20201123
  • QuTS hero version prior to h4.5.1.1491 build 20201119

This issue does not affect QTS 4.3.x or QTS 4.2.x.


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 


Vulnerability Identifier


Source


Related Link