Vulnerability fixed in QNAP firmware

QNAP has fixed a vulnerability in the firmware of several NAS and virtualization systems running QTS, QuTS Hero, QuTScloud and QVR. A malicious party could exploit the vulnerability to cause a denial-of-service. QNAP has released updates to fix the vulnerability in the firmware for QTS, QuTS Hero...

QNAP NAS 代理服务器跨站请求伪造漏洞

QNAP NAS is an accessible and fast storage solution from China-based QNAP Technologies QNAP. A cross-site request forgery vulnerability exists in the proxy server of QNAP NAS, which can be exploited by remote attackers to inject malicious code. The following products and versions are affected: QT...

CVE-2021-44052

An improper link resolution before file access 'Link Following' vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the...

CVE-2021-44054

An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of...

QNAP 多款产品路径遍历漏洞

QNAP Systems QNAP QuTScloud is a cloud-optimized version of the QNAP NAS operating system from QNAP Systems. A path traversal vulnerability exists in QNAP QTS, QuTS hero, and QuTScloud, which stems from an input validation error when processing a directory traversal sequence in thttpd. A remote...

QNAP Systems 多款产品跨站脚本漏洞

QNAP Systems QUTS Hero and QNAP QuTScloud are both products of China Weilian QNAP Systems.QUTS Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide enterprises with a more stable...

PT-2022-3427 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 4.5.4.1991 build 20220329 QTS versions prior to 5.0.0.1986 build 20220324 QuTS hero versions prior to h4.5.4.1971 build 20220310 QuTS hero versions prior to h5.0.0.1986 build 20220324 QuTScloud versions prior to...

QNAP Systems 多款产品命令注入漏洞

QNAP Systems QUTS Hero and others are products of China Weilian QNAP Systems.QUTS Hero is a NAS operating system for managing files.QNAP QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an entry- to mid-level operating system for use with QNAP NAS. A...

CVE-2021-28799

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...