QNAP: Manufacturer informs about security gaps, updates are available

The NAS manufacturer has published safety information for its devices. For users of affected QNAP models, this means that they should check that they are up to date with the latest software packages. Two of the vulnerabilities have a "Medium" severity, while one is rated "High". One of the loopholes affects all models.

If this vulnerability is exploited, an attacker can use certain widespread tools to access sensitive information that is stored in clear text in cookies. The loophole is listed under CVE-2018-19941 and was closed with the following software versions: QTS 4.5.1.1456 build 20201015, QuTS hero h4.5.1.1472 build 20201031 and QuTScloud c4.5.2.1379 build 20200730.

CVE-2018-19944 was closed with QTS 4.4.3.1354 build 20200702. If this vulnerability is exploited, a remote attacker could gain access to sensitive information during the clear text transmission. QTS 4.3.4 to 4.3.6 contains the critical gap. Caused by improper restrictions on a path name to a restricted directory, this vulnerability allows any files on the target system to be renamed if it is exploited.

To secure the device, you should update the system to the latest version in order to benefit from the vulnerability fixes. Users can check the product support status to see the latest available updates for their NAS model.

#
preview
product
price

1

Qnap TS-230 2-bay desktop NAS case - 2 GB RAM - 1.4 GHz quad-core processor

Qnap TS-230 2-bay desktop NAS case – 2 GB RAM – 1.4 GHz quad-core processor

170.29 EUR

View on Amazon

2

QNAP TS-231P3-2G 2 Bay Desktop NAS Enclosure - Network storage with 2.5GbE connectivity, 2GB RAM, ...

QNAP TS-231P3-2G 2 Bay Desktop NAS Enclosure – Network storage with 2.5GbE connectivity, 2GB …

269.00 EUR

View on Amazon

3

QNAP TS-231K 2 Bay Desktop Network Storage Enclosure

QNAP TS-231K 2 Bay Desktop Network Storage Enclosure

202.30 EUR

View on Amazon

Amazon links are included in this article. Clicking on it will take you directly to the provider. Should you decide to buy there, we will receive a small commission. Nothing changes in the price for you.

Source link

We will be happy to hear your thoughts

Leave a reply

Sharing is Awesome, Do It!

Share this post with your friends
close-link