What are you looking for ?
Advertise with us
RAIDON

Qnap Security Advisory Bulletin ID: QSA-21-09, QSA-21-29 ~ QSA-21-32

Concerning DNSpooq vulnerabilities, multiple command injection vulnerabilities in QTS and QuTS hero, stored XSS vulnerability in QuLog Center, stored XSS vulnerability in Q'center, and XSS vulnerability in QTS and QuTS hero

QNAP Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products.

Use the following information and solutions to correct the security issues and vulnerabilities.

This advisory includes following:

DNSpooq vulnerabilities in QTS
Security ID: QSA-21-09
Release date: July 1, 2021
Severity: Medium
CVE identifier: CVE-2020-25684 | CVE-2020-25685 | CVE-2020-25686
Affected products: Certain QNAP NAS

Summary
DNSpooq vulnerabilities—including DNS cache poisoning and buffer overflow vulnerabilities—have been reported to affect certain versions of QTS. If exploited, these vulnerabilities allow attackers to perform remote code execution.

The company has already fixed these vulnerabilities in the following versions:

  • QTS 4.5.3.1652 build 20210428 and later

  • QuTS hero h4.5.3.1670 build 20210515 and later

  • QuTScloud c4.5.5.1656 build 20210503 and later

Information

Multiple command injection vulnerabilities in QTS and QuTS hero
Security ID: QSA-21-29
Release date: July 1, 2021
Severity: Medium
CVE identifier: CVE-2021-28802 | CVE-2021-28804
Affected products: Certain QNAP NAS

Summary
Multiple command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.

The company have already fixed this vulnerability in the following versions:

  • QTS 4.5.1.1540 build 20210107 and later

  • QuTS hero h4.5.1.1582 build 20210217 and later

Information

Stored XSS vulnerability in QuLog Center
Security ID: QSA-21-30
Release date: July 1, 2021
Severity: Medium
CVE identifier: CVE-2020-36196
Affected products: QNAP NAS running QuLog Center

Summary
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code.

The company have already fixed this vulnerability in the following versions:

  • QuLog Center 1.2.0 and later

Information

Stored XSS vulnerability in Q’center
Security ID: QSA-21-31
Release date: July 1, 2021
Severity: Medium
CVE identifier: CVE-2021-28803
Affected products: QNAP NAS running Q’center

Summary
A stored XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows attackers to inject malicious code.

The company have already fixed this vulnerability in the following versions:

  • Q’center 1.11.1004 and later

Information

XSS vulnerability in QTS and QuTS hero
Security ID: QSA-21-32
Release date: July 1, 2021
Severity: Medium
CVE identifier: CVE-2020-36194
Affected products: Certain QNAP NAS

Summary
An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code.

The company have already fixed this vulnerability in the following versions:

  • QTS 4.5.2.1566 Build 20210202 and later

  • QuTS hero h4.5.2.1638 build 20210414 and later

QNAP NAS running QTS 4.5.3 and later are not affected.

Information

Questions regarding this issue: contact

Read also :
Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E