What are you looking for ?
Advertise with us
RAIDON

Qnap: Four Security Advisories on Resolved Vulnerabilities

Concerning QTS, QuTS hero, and QuTScloud OSs, Multimedia Console, Media Streaming add-on, and Music Station

Qnap Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products.

Use the following information and solutions to correct the security issues and vulnerabilities.

This advisory includes following:

Vulnerability in QTS, QuTS hero, and QuTScloud

Security ID: QSA-23-31
Release date: November 4, 2023
CVE identifier: CVE-2023-23368
Severity: Critical
Status: Resolved
Affected products: QTS 5.0.x, 4.5.x; QuTS hero h5.0.x, h4.5.x; QuTScloud c5.0.1

Summary
An OS command injection vulnerability has been reported to affect several Qnap OSs versions. If exploited, the vulnerability could allow remote attackers to execute commands via a network.

The company have already fixed vulnerability in following versions:

Affected product

Fixed version

QTS 5.0.x

QTS 5.0.1.2376 build 20230421 and later

QTS 4.5.x

QTS 4.5.4.2374 build 20230416 and later

QuTS hero h5.0.x

QuTS hero h5.0.1.2376 build 20230421 and later

QuTS hero h4.5.x

QuTS hero h4.5.4.2374 build 20230417 and later

QuTScloud c5.0.x

QuTScloud c5.0.1.2374 and later

 More information

 

Vulnerability in QTS, Multimedia Console, and Media Streaming add-on

Security ID: QSA-23-35
Release date: November 4, 2023
CVE identifier: CVE-2023-23369
Severity: Critical
Status: Resolved
Affected products: QTS 5.1.x, 4.3.6, 4.3.4, 4.3.3, 4.2.x; Multimedia Console 2.1.x, 1.4.x; Media Streaming add-on 500.1.x, 500.0.x

Summary
An OS command injection vulnerability has been reported to affect several Qnap OSs and application versions. If exploited, the vulnerability could allow remote attackers to execute commands via a network.

The company have already fixed vulnerability in following versions:

Affected product

Fixed version

QTS 5.1.x

QTS 5.1.0.2399 build 20230515 and later

QTS 4.3.6

QTS 4.3.6.2441 build 20230621 and later

QTS 4.3.4

QTS 4.3.4.2451 build 20230621 and later

QTS 4.3.3

QTS 4.3.3.2420 build 20230621 and later

QTS 4.2.x

QTS 4.2.6 build 20230621 and later

Multimedia Console 2.1.x

Multimedia Console 2.1.2 (2023/05/04) and later

Multimedia Console 1.4.x

Multimedia Console 1.4.8 (2023/05/05) and later

Media Streaming add-on 500.1.x

Media Streaming add-on 500.1.1.2 (2023/06/12) and later

Media Streaming add-on 500.0.x

Media Streaming add-on 500.0.0.11 (2023/06/16) and later

 More information

 

Vulnerability in QTS, QuTS hero, and QuTScloud

Security ID: QSA-23-51
Release date: November 4, 2023
CVE identifier: CVE-2023-39301
Severity: Medium
Status: Resolved
Affected products: QTS 5.1.x, 5.0.x; QuTS hero h5.1.x, h5.0.x; QuTScloud c5.x

Summary
A server-side request forgery (SSRF) vulnerability has been reported to affect several Qnap OSs versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.

The company have already fixed vulnerability in following affected versions:

Affected product

Fixed version

QTS 5.1.x

QTS 5.1.1.2491 build 20230815 and later

QTS 5.0.x

QTS 5.0.1.2514 build 20230906 and later

QuTS hero h5.1.x

QuTS hero h5.1.1.2488 build 20230812 and later

QuTS hero h5.0.x

QuTS hero h5.0.1.2515 build 20230907 and later

QuTScloud c5.x

QuTScloud c5.1.0.2498 and later

More information

 

Vulnerability in Music Station

Security ID: QSA-23-61
Release date: November 4, 2023
CVE identifier: CVE-2023-39299
Severity: Medium
Status: Resolved
Affected products: Music Station 5.3.x, 5.1.x, 4.8.x

Summary
A path traversal vulnerability has been reported to affect several versions of Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

The company have already fixed vulnerability in following affected versions:

Affected product

Fixed version

Music Station 5.3.x

Music Station 5.3.23 and later

Music Station 5.1.x

Music Station 5.1.16 and later

Music Station 4.8.x

Music Station 4.8.11 and later

More information

Contact: Questions regarding this issue

Articles_bottom
ExaGrid
ATTOtarget="_blank"
OPEN-E