QNAP Rolls Out Critical Security Updates
QNAP has warned customers to install firmware updates that fix five security vulnerabilities affecting its NAS devices. These vulnerabilities could allow attackers to execute commands, launch denial-of-service (DoS) attacks, or crash devices.
CVE-2023-23362 (High severity): QNAP has reported an OS command injection vulnerability of high severity. When exploited, this vulnerability grants authenticated users the capability to execute commands over the network.
Affected Versions:
– QTS 5.0.1.2376 build 20230421 and later
– QTS 4.5.4.2374 build 20230416 and later
– QuTS hero h5.0.1.2376 build 20230421 and later
– QuTS hero h4.5.4.2374 build 20230417 and later
– QuTScloud c5.0.1.2374 and later
CVE-2023-23358 & CVE-2023-23359 (Medium severity): QNAP uncovered two out-of-bounds write vulnerabilities. Once exploited, these allow authenticated users to initiate a DoS attack over the network.
CVE-2023-23360 & CVE-2023-23361 (Medium severity): Adding to the pile, two NULL pointer dereference vulnerabilities have also been reported, again potentially leading to DoS attacks via the network.
Versions Affected by DoS Vulnerabilities:
– QTS 5.0.1.2346 build 20230322 and later
– QTS 4.5.4.2374 build 20230416 and later
– QuTS hero h5.0.1.2348 build 20230324 and later
– QuTS hero h4.5.4.2374 build 20230417 and later
– QuTScloud c5.0.1.2374 and later
To keep your devices and data secure, QNAP strongly advocates for timely system updates, ensuring you reap the benefits of vulnerability fixes.
How to Update:
1. Log into your QTS, QuTS hero, or QuTScloud account with administrative privileges.
2. Navigate to **Control Panel > System > Firmware Update.
3. In the Live Update section, select Check for Update.
4. The system will download and seamlessly install the freshest update for you.
If you prefer a more hands-on approach, manual updates are available! Simply visit the QNAP website, go to Support > Download Center, and download the latest update tailored for your specific device.
