What are you looking for ?
Mobile Search Icon
Mobile Menu Icon
Advertise with us
Advertise with us

Qnap Security Advisory Bulletin ID: QSA-21-26 and QSA-21-27

Insecure storage of sensitive information in myQNAPcloud Link and SMB Out-of-Bounds read vulnerability in QTS and QuTS hero NAS OS

This is a Press Release edited by StorageNewsletter.com on June 25, 2021 at 2:30 pm

QNAP Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products.

Use following information and solutions to correct the security issues and vulnerabilities.

Advisory includes following:

Insecure storage of sensitive information in myQNAPcloud Link
Release date: June 16, 2021
Security ID: QSA-21-26
Severity: Medium
CVE identifier: CVE-2021-28815
Affected products: All QNAP NAS

Summary
Insecure storage of sensitive information has been reported to affect company’s NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. The company have already fixed this vulnerability in following versions of myQNAPcloud Link:

  • QTS 4.5.3: myQNAPcloud Link 2.2.21 and later 
  • QuTS hero h4.5.2: myQNAPcloud Link 2.2.21 and later 
  • QuTScloud c4.5.4: myQNAPcloud Link 2.2.21 and later

Learn more

SMB out-of-bounds read vulnerability in QTS and QuTS hero
Release date: June 16, 2021
Security ID: QSA-21-27
Severity: Medium
CVE identifier: CVE-2021-20254
Affected products: All QNAP NAS

Summary
An SMB out-of-bounds read vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero NAS OS. If exploited, this vulnerability allows attackers to obtain sensitive information on the system. The company have already fixed this vulnerability in following versions:

  • QTS 4.5.3.1670 Build 20210515 and later 
  • QuTS hero h4.5.3.1670 build 20210515 and later 
  • QuTScloud c4.5.5.1656 build 20210503 and later 
Learn more
Questions regarding this issue.
Read also :
Qnap Security Advisory Bulletin ID: QSA-21-20, QSA-21-21 and QSA-21-22
Concerning post-authentication reflected XSS vulnerability in Q'center, command injection vulnerability in video station, and DOM-based XSS vulnerability in QTS and QuTS hero
June 7, 2021 | Press Release
Qnap Security Advisory Bulletin ID: QSA-21-12 and QSA-21-14
Concerning NAS running HBS 3 App and Qlocker ransomware, and relative path traversal vulnerability in QTS and QuTS hero NAS OS
May 24, 2021 | Press Release
Qnap Security Advisory | Bulletin ID: QSA-21-15
Concerning AgeLocker ransomware
May 5, 2021 | Press Release
Qnap Security Advisory | Bulletin ID: QSA-21-13
Concerning hard-coded credentials vulnerability in HBS 3 Hybrid Backup Sync
April 30, 2021 | Press Release
Qnap Security Advisory Bulletin ID: QSA-21-04, QSA-21-05, QSA-21-10, QSA-21-11
Concerning cross-site scripting vulnerability in File Station, multiple vulnerabilities in Twonky Server, command injection vulnerability in QTS and QuTS hero, and SQL injection vulnerability in Multimedia Console and Media Streaming add-on
April 22, 2021 | Press Release
Qnap Security Advisory|Bulletin ID: QSA-21-06
Cross-site scripting vulnerability to affect earlier versions of Photo Station
February 24, 2021 | Press Release
Qnap Security Advisory|Bulletin ID: QSA-21-07
Stack-based buffer overflow vulnerability reported to affect NAS running Surveillance Station
February 23, 2021 | Press Release
Qnap Security Advisory | Bulletin ID: QSA-21-02
Concerning heap-based buffer overflow vulnerability in sudo, important utility for Unix-like and Linux-based OS, including QTS, QuTS hero, and QES NAS OS
February 1, 2021 | Press Release
Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E
RAIDON