mood Posted December 24, 2020 Share Posted December 24, 2020 QNAP fixes even more serious security flaws on its NAS devices Latest update includes patches for six vulnerabilities in QES, QTS and QuTS hero QNAP has released a series of new patches which fix multiple high severity vulnerabilities that impact its NAS devices running the QES, QTS and QuTS hero operating systems. In total, this latest round of security updates patch six vulnerabilities that affect older versions of the NAS maker's FreeBSD, Linux and 128-bit ZFS based operating systems. TIM Security Red Team Research, Lodestone Security and the CFF of Topsec Alpha Team discovered and reported these security bugs to QNAP which if left unpatched, could be used to carry out command injection or cross-site scripting (XSS) on the company's NAS devices. While the XSS vulnerabilities could allow a remote attacker to inject malicious code into vulnerable versions of QNAP's apps, the command injection bugs could be used to elevate privileges, execute arbitrary commands or even take over a device's underlying operating system. NAS vulnerabilities Although QNAP has issued patches for six different vulnerabilities in its software, all of these issues have already been fixed in QES 2.1.1 Build 20201006 and later, QTS 4.5.1.1495 build 20201123 and later and QuTS hero h4.5.1.1491 build 20201119 and later. This means that updating the software on your NAS device is the easiest and fastest way to address all six vulnerabilities. To do so, you'll need to log on to QES, QTS or QuTS hero as an administrator and go to Control Panel > System > Firmware Update. Under the Live Update section, you'll need to click on Check for Update to have QES, QTS or QuTS Hero download and install the latest available update. Additionally, the update can also be downloaded and installed manually by visiting the Support Download Center on QNAP's website. As NAS devices are often used to backup sensitive files and data, keeping them updated is of the utmost importance to prevent hackers from exploiting any known vulnerabilities. Via BleepingComputer QNAP fixes even more serious security flaws on its NAS devices Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.