Security Alert (A24-01-04): Multiple Vulnerabilities in QNAP Products
08 January 2024
QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of security updates can be found at: https://www.qnap.com/en/security-advisory/QSA-23-22 https://www.qnap.com/en/security-advisory/QSA-23-23 https://www.qnap.com/en/security-advisory/QSA-23-27 https://www.qnap.com/en/security-advisory/QSA-23-32 https://www.qnap.com/en/security-advisory/QSA-23-34 https://www.qnap.com/en/security-advisory/QSA-23-54 https://www.qnap.com/en/security-advisory/QSA-23-55 https://www.qnap.com/en/security-advisory/QSA-23-64
QNAP NAS devices running QTS operating system versions prior to 22.214.171.12496 build 20231128
QNAP NAS devices running QuTS hero operating system versions prior to h126.96.36.19996 build 20231128
QNAP NAS devices running QcalAgent versions prior to 1.1.8
QNAP NAS devices running QuMagie versions prior to 2.2.1
QNAP NAS devices running Video Station versions prior to 5.7.2 (2023/11/23)
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Successful exploitation of the vulnerabilities could lead to remote code execution or denial of service on an affected system.
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.