Security Alert (A23-09-19): Multiple Vulnerabilities in QNAP Products
22 September 2023
QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The details of security updates can be found at: https://www.qnap.com/en/security-advisory/QSA-23-12 https://www.qnap.com/en/security-advisory/QSA-23-25 https://www.qnap.com/en/security-advisory/QSA-23-29
QNAP NAS devices running QTS operating system versions prior to 22.214.171.1240 build 20230621, 126.96.36.1991 build 20230621, 188.8.131.521 build 20230621, 184.108.40.2068 build 20230325
QNAP NAS devices running QuTS hero operating system versions prior to h220.127.116.112 build 20230508
QNAP NAS devices running QuTScloud version prior to c18.104.22.1684
QNAP NAS devices running Multimedia Console version prior to 1.4.7, Multimedia Console version prior to 2.1.1
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerabilities could lead to arbitrary code execution or tampering on an affected system.
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.