What are you looking for ?
Mobile Search Icon
Mobile Menu Icon
Advertise with us
Advertise with us

Qnap Security Advisories QSA-23-12, QSA-23-25, QSA-23-29 for Resolved Vulnerabilities

Concerning Apache HTTP Server, Legacy QTS Oss, and Multimedia Console using in NAS

This is a Press Release edited by StorageNewsletter.com on September 27, 2023 at 2:00 pm

Qnap Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products. Use the following information and solutions to correct the security issues and vulnerabilities.

Advisory includes following:

Resolved Vulnerabilities in Apache HTTP Server

Security ID: QSA-23-12
Release date: September 22, 2023
CVE identifier: CVE-2006-20001; CVE-2022-36760; CVE-2022-37436
Affected products: QTS 5.1.0, QuTS hero h5.1.0, QuTScloud c5.0.1

Summary
Multiple vulnerabilities in Apache HTTP Server have been reported to affect certain Qnap OSs.

The company have already fixed vulnerabilities in following versions:

  • QTS 5.1.0.2348 build 20230325 and later 
  • QuTS hero h5.1.0.2392 build 20230508 and later 
  • QuTScloud c5.0.1.2374 and later

More information

 

Resolved Vulnerability in Legacy QTS

Security ID: QSA-23-25
Release date: September 22, 2023
CVE identifier: CVE-2023-23363
Affected products: QTS 4.3.6, 4.3.4, 4.3.3, 4.2.6

Summary
A buffer copy without checking size of input vulnerability has been reported to affect certain legacy versions of QTS. If exploited, the vulnerability could allow clients to execute code via unspecified vectors.

The company have already fixed vulnerability in following versions:

  • QTS 4.3.6.2441 build 20230621 and later 
  • QTS 4.3.4.2451 build 20230621 and later 
  • QTS 4.3.3.2420 build 20230621 and later 
  • QTS 4.2.6 build 20230621 and later

QTS versions 4.4.x, 4.5.x, and 5.x are not affected. QuTS hero is also not affected.

More information

 

Resolved Vulnerability in Multimedia Console

Security ID: QSA-23-29
Release date: September 22, 2023
CVE identifier: CVE-2023-23364
Affected products: Multimedia Console 2.1, 1.4

Summary
A buffer copy without checking size of input vulnerability has been reported to affect certain versions of Multimedia Console. If exploited, the vulnerability could allow clients to execute code via unspecified vectors.

The company have already fixed vulnerability in following versions:

  • Multimedia Console 2.1.1 (2023/03/29) and later
  • Multimedia Console 1.4.7 (2023/03/20) and later

More information

Questions regarding this issue (contact)

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E
RAIDON