TLP : CLEAR
Date : 29/04/2024
REF NO : CERT / 2024/04/36
Severity Level: Medium
Components Affected
QuFirewall, QTS, QuTS hero and QuTScloud (versions prior to the fixed releases listed under Description).
Overview
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
Description
Multiple vulnerabilities have been reported affecting QuFirewall and several QNAP operating system versions:
- A path traversal vulnerability in QuFirewall, fixed in version 2.4.1 (2024/02/01) and later, could allow authenticated administrators to read unexpected files and expose sensitive data.
- Several QNAP OS versions were likewise susceptible to a path traversal vulnerability, addressed in QTS 5.1.4.2596 build 20231128, QTS 4.5.4.2627 build 20231225, QuTS hero h5.1.3.2578 build 20231110, QuTS hero h4.5.4.2626 build 20231225, and QuTScloud c5.1.5.2651 and later.
- A buffer copy vulnerability, fixed in QTS 5.1.6.2722 build 20240402 and QuTS hero h5.1.6.2734 build 20240414 and later, could allow authenticated users to execute code.
- An incorrect authorization vulnerability, fixed in the same builds, could enable access restriction bypass.
- An integer overflow vulnerability, resolved in QTS 5.1.3.2578 build 20231110, QuTS hero h5.1.3.2578 build 20231110, and QuTScloud c5.1.5.2651 and later, could compromise system security.
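To help administrators decide whether a given NAS build is covered, the following script compares an installed QNAP version string against the fixed versions quoted above. It is an added example and not part of this advisory or of any QNAP tooling; the version numbers are the advisory's, while the grouping by vulnerability class, the function names and the sample installed versions in the comments are this example's own assumptions. QNAP version strings use an "h" prefix for QuTS hero and a "c" prefix for QuTScloud, and an unprefixed number for QTS; the script compares only against the fixed version on the same product family and major version line, and returns None when the advisory lists no fix for that line.

```python
import re
from typing import Dict, List, Optional, Tuple

# Minimum fixed versions as stated in the advisory, grouped by vulnerability class.
# (Grouping and key names are this example's own; the numbers are the advisory's.)
FIXED_VERSIONS: Dict[str, List[str]] = {
    "path traversal": [
        "5.1.4.2596 build 20231128", "4.5.4.2627 build 20231225",
        "h5.1.3.2578 build 20231110", "h4.5.4.2626 build 20231225",
        "c5.1.5.2651",
    ],
    "buffer copy": ["5.1.6.2722 build 20240402", "h5.1.6.2734 build 20240414"],
    "incorrect authorization": ["5.1.6.2722 build 20240402", "h5.1.6.2734 build 20240414"],
    "integer overflow": ["5.1.3.2578 build 20231110", "h5.1.3.2578 build 20231110", "c5.1.5.2651"],
}

# Optional family prefix (h = QuTS hero, c = QuTScloud), dotted numbers, optional build date.
_VERSION_RE = re.compile(
    r"^(?P<prefix>[hc]?)(?P<nums>\d+(?:\.\d+)*)(?:\s+build\s+(?P<build>\d{8}))?$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Tuple[str, Tuple[int, ...], int]:
    """Split a QNAP version string into (family prefix, numeric tuple, build date).

    A missing build date is returned as 0 so callers can tell it was not given.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised QNAP version string: {text!r}")
    nums = tuple(int(n) for n in m.group("nums").split("."))
    build = int(m.group("build") or 0)
    return m.group("prefix").lower(), nums, build


def is_patched(installed: str, vuln: str) -> Optional[bool]:
    """Return True if `installed` is at or above the fixed version for `vuln`.

    Only the fixed version on the same product family and major version line is
    consulted (QTS 4.x is not compared against the QTS 5.x fix, and vice versa).
    Returns None when the advisory lists no fixed version for that line.
    """
    prefix, nums, build = parse_version(installed)
    for fixed in FIXED_VERSIONS[vuln]:
        fprefix, fnums, fbuild = parse_version(fixed)
        if fprefix != prefix or fnums[0] != nums[0]:
            continue  # different family or major line; not comparable
        if nums != fnums:
            return nums > fnums
        # Same numeric build: let the build date decide when both sides state one.
        return build == 0 or fbuild == 0 or build >= fbuild
    return None


def report(installed: str) -> Dict[str, Optional[bool]]:
    """Patch status of `installed` for every vulnerability class in the advisory."""
    return {vuln: is_patched(installed, vuln) for vuln in FIXED_VERSIONS}


if __name__ == "__main__":
    # Constructed sample versions, not from the advisory.
    for sample in ("5.1.5.2600 build 20240101", "5.1.6.2722 build 20240402", "4.5.4.2627 build 20231225"):
        print(sample, report(sample))
```

A result of None for QTS 4.x against the buffer copy and incorrect authorization entries reflects the advisory text, which names only QTS 5.1.6 and QuTS hero h5.1.6 builds for those fixes; treat such lines as unresolved and consult the vendor rather than as patched.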
Impact
Remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
Solution/ Workarounds
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre