Qnap Provided Updates for NAS Vulnerabilities
Discovered by F-Secure
This is a Press Release edited by StorageNewsletter.com on January 30, 2017 at 2:51 pmFollowing the publication of this news:
F-Secure Researchers Find Three Vulnerabilities in Qnap NAS,
Qnap published an update to fix the problem.
Security Vulnerabilities Addressed in QTS 4.2.3 Builds 20170121 and 20170124
Release date: January 18, 2017
Last updated: January 26, 2017
Bulletin ID: NAS-201701-18
Severity rating: Medium
Affected products: All QNAP NAS running QTS 4.2.2 and earlier
Summary
QTS 4.2.3 Builds 20170121 and 20170124 include security fixes for the heap overflow vulnerability reported by bashis and the firmware update vulnerabilities reported by F-Secure.
Note: Install the appropriate build for your NAS model.
Build 20170124: TS-809 and TS-809U only
Build 20170121: All other models
Solution: Installing the update
1 Download the package from the QNAP download page: https://www.qnap.com/download/.
2 Log on as administrator to the QTS web console.
3 Go to ‘Control Panel’ > ‘System’ > ‘Firmware Update’ > ‘Firmware Update’.
4 Click ‘Browse’ and then locate the package on your computer.
5 Click ‘Update System’.
Note: After manually installing the update, you can choose to enable live updates from the Live Update tab.