What are you looking for ?
Advertise with us
RAIDON

Qnap Security Advisory Bulletin ID: QSA-21-26 and QSA-21-27

Insecure storage of sensitive information in myQNAPcloud Link and SMB Out-of-Bounds read vulnerability in QTS and QuTS hero NAS OS

QNAP Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products.

Use following information and solutions to correct the security issues and vulnerabilities.

Advisory includes following:

Insecure storage of sensitive information in myQNAPcloud Link
Release date: June 16, 2021
Security ID: QSA-21-26
Severity: Medium
CVE identifier: CVE-2021-28815
Affected products: All QNAP NAS

Summary
Insecure storage of sensitive information has been reported to affect company’s NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
The company have already fixed this vulnerability in following versions of myQNAPcloud Link:

  • QTS 4.5.3: myQNAPcloud Link 2.2.21 and later 
  • QuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later 
  • QuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later 

Learn more

SMB out-of-bounds read vulnerability in QTS and QuTS hero
Release date: June 16, 2021
Security ID: QSA-21-27
Severity: Medium
CVE identifier: CVE-2021-20254
Affected products: All QNAP NAS

Summary
An SMB out-of-bounds read vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero NAS OS. If exploited, this vulnerability allows attackers to obtain sensitive information on the system.
The company have already fixed this vulnerability in following versions:

  • QTS 4.5.3.1670 Build 20210515 and later 
  • QuTS hero h4.5.3.1670 build 20210515 and later 
  • QuTScloud c4.5.5.1656 build 20210503 and later 
Learn more
Questions regarding this issue.
Read also :
Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E