QNAP has warned customers to install firmware updates that fix five security vulnerabilities affecting its NAS devices. These vulnerabilities could allow attackers to execute commands, launch denial-of-service (DoS) attacks, or crash devices.
CVE-2023-23362 (High severity): QNAP has reported an OS command injection vulnerability of high severity. When exploited, this vulnerability grants authenticated users the capability to execute commands over the network.
Affected Versions:
– QTS 5.0.1.2376 build 20230421 and later
– QTS 4.5.4.2374 build 20230416 and later
– QuTS hero h5.0.1.2376 build 20230421 and later
– QuTS hero h4.5.4.2374 build 20230417 and later
– QuTScloud c5.0.1.2374 and later
CVE-2023-23358 & CVE-2023-23359 (Medium severity): QNAP uncovered two out-of-bounds write vulnerabilities. Once exploited, these allow authenticated users to initiate a DoS attack over the network.
CVE-2023-23360 & CVE-2023-23361 (Medium severity): Adding to the pile, two NULL pointer dereference vulnerabilities have also been reported, again potentially leading to DoS attacks via the network.
Versions Affected by DoS Vulnerabilities:
– QTS 5.0.1.2346 build 20230322 and later
– QTS 4.5.4.2374 build 20230416 and later
– QuTS hero h5.0.1.2348 build 20230324 and later
– QuTS hero h4.5.4.2374 build 20230417 and later
– QuTScloud c5.0.1.2374 and later
To keep your devices and data secure, QNAP strongly advocates for timely system updates, ensuring you reap the benefits of vulnerability fixes.
How to Update:
1. Log into your QTS, QuTS hero, or QuTScloud account with administrative privileges.
2. Navigate to **Control Panel > System > Firmware Update.
3. In the Live Update section, select Check for Update.
4. The system will download and seamlessly install the freshest update for you.
If you prefer a more hands-on approach, manual updates are available! Simply visit the QNAP website, go to Support > Download Center, and download the latest update tailored for your specific device.
