Security Alert (A23-10-15): Multiple Vulnerabilities in QNAP Products
16 October 2023
QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of security updates can be found at: https://www.qnap.com/en/security-advisory/QSA-23-41 https://www.qnap.com/en/security-advisory/QSA-23-42
QNAP NAS devices running QTS operating system versions prior to 188.8.131.527 build 20230718, 184.108.40.2065 build 20230609, 220.127.116.114 build 20230629
QNAP NAS devices running QuTS hero operating system versions prior to h18.104.22.1686 build 20230728, h22.214.171.1245 build 20230907, h126.96.36.1994 build 20230609
QNAP NAS devices running QuTScloud version prior to c188.8.131.528
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service or information disclosure on an affected system.
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.