Security Alert (A23-03-18): Multiple Vulnerabilities in QNAP Products
30 March 2023
QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The details of the security updates can be found at: https://www.qnap.com/en/security-advisory/QSA-23-02 https://www.qnap.com/en/security-advisory/QSA-23-03 https://www.qnap.com/en/security-advisory/QSA-23-06 https://www.qnap.com/en/security-advisory/QSA-23-10 https://www.qnap.com/en/security-advisory/QSA-23-11 https://www.qnap.com/en/security-advisory/QSA-23-15
QNAP NAS devices running QTS operating system
QNAP NAS devices running QuTS hero operating system
QNAP Enterprise Storage (QES)
QNAP QVR Pro appliances (QVP)
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Depending on the vulnerabilities being exploited, a successful exploitation could lead to remote code execution, denial of service, information disclosure, privilege escalation or security restriction bypass on an affected system.
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.