What are you looking for ?
Advertise with us
RAIDON

Qnap: Resolved Cross-Site Request Forgery Vulnerability in Proxy Server

Company already fixed vulnerability in Proxy Server.

Qnap Systems, Inc. had published a security advisory concerning the vulnerability in Proxy Server.

Release date: May 26, 2022
Security ID: QSA-22-18
Severity: Medium
CVE identifier: CVE-2021-34360
Affected products: Qnap NAS running Proxy Server
Status: Resolved

Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect Qnap NAS running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.

The company have already fixed this vulnerability in following versions of Proxy Server:

  • QTS 4.5.x, QTS 5.0.x: Proxy Server 1.4.2 (2021/12/30) and later

  • QuTS hero h5.0.x: Proxy Server 1.4.3 (2022/01/18) and later

  • QuTScloud c4.5.x, QuTScloud c5.0.x: Proxy Server 1.4.2 (2021/12/30) and later

Recommendation
To fix the vulnerability, the company recommend updating Proxy Server to the latest version.

Updating Proxy Server

  1. Log on to QTS, QuTS hero, or QuTScloud as administrator.

  2. Open the App Center and then click Qnap Loupe
    A search box appears.

  3. Enter ‘Proxy Server’.
    Proxy Server appears in the search results.

  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your application is already up to date.

  5. Click OK.
    The system updates the application.

 Acknowledgements: Tony Martin, a security researcher

Revision History: V1.0 (May 26, 2022) – Published

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E