Qnap patches multiple vulnerabilities in operating systems and applications

QNAP has released security updates for multiple vulnerabilities in its operating systems and applications, including QTS, QuTS hero, QuMagie, and Qfiling.

Qnap has released security updates for several vulnerabilities in its operating systems and software applications. The vulnerabilities vary in severity and can lead to data leaks, denial-of-service attacks, and unauthorized code execution, among other things.

The vulnerabilities affect, among others, the QTS and QuTS hero operating systems, QuMagie, Qfiling, License Center, MARS, Qfinder Pro, Qsync, and QVPN Device Client for macOS. According to Qnap, all reported security issues have now been resolved via updates.

Various issues

In QTS and QuTS hero, the issues ranged from buffer overflows and path traversal to the disclosure of sensitive system information. In certain cases, the bugs could be exploited by attackers with access to a user or administrator account. They could be used to crash processes, modify memory, or read files that should not be accessible.

Other applications such as QuMagie and Qfiling also contained XSS and path traversal vulnerabilities. In the case of MARS, a SQL injection flaw was discovered that could lead to unauthorized code execution. The affected applications have been updated to patched versions, which are now available to users.

Quick update

Qnap advises users of the affected products to update their systems to the patched versions as soon as possible. The vulnerabilities and updates are relevant for the following solutions:

  1. QuMagie 2.x → patched in version 2.8.1 and later
  2. QTS 5.2.x → patched in versions 5.2.7.3256 and 5.2.8.3332
  3. QuTS hero h5.2.x → patched in versions h5.2.7.3256 and h5.2.8.3321
  4. QuTS hero h5.3.x → patched in version h5.3.1.3250
  5. License Center 2.0.x → patched in version 2.0.36
  6. MARS 1.2.x → patched in version 1.2.1.1686 (renamed to HDP for WordPress from version 1.3.x)
  7. Qfiling 3.13.x → patched in version 3.13.1
  8. Qfinder Pro (Mac) 7.13.x → patched in version 7.13.0
  9. Qsync (Mac) 5.1.x → patched in version 5.1.5
  10. QVPN Device Client (Mac) 2.2.x → patched in version 2.2.8

Updates are available through Qnap’s own channels.
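
For administrators tracking several devices, the following added example (not from Qnap or the original article) compares installed versions against the fixed versions listed above and returns the listed fixes each installation has not yet reached. The inventory entries, host names and function names are constructed for illustration; versions are compared numerically per component, since a plain string comparison would rank 5.1.10 below 5.1.5.

```python
import re

# Fixed versions as listed in the article, keyed by (product, affected branch).
FIXED = {
    ("QuMagie", "2"): ["2.8.1"],
    ("QTS", "5.2"): ["5.2.7.3256", "5.2.8.3332"],
    ("QuTS hero", "h5.2"): ["h5.2.7.3256", "h5.2.8.3321"],
    ("QuTS hero", "h5.3"): ["h5.3.1.3250"],
    ("License Center", "2.0"): ["2.0.36"],
    ("MARS", "1.2"): ["1.2.1.1686"],
    ("Qfiling", "3.13"): ["3.13.1"],
    ("Qfinder Pro (Mac)", "7.13"): ["7.13.0"],
    ("Qsync (Mac)", "5.1"): ["5.1.5"],
    ("QVPN Device Client (Mac)", "2.2"): ["2.2.8"],
}

def parse(version):
    """'h5.2.7.3256' -> (5, 2, 7, 3256); the QuTS hero 'h' prefix is dropped."""
    m = re.fullmatch(r"h?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def missing_fixes(product, installed):
    """Listed fixed versions newer than `installed`; None if the branch is not listed."""
    have = parse(installed)
    for (name, branch), fixed in FIXED.items():
        prefix = parse(branch)
        if name == product and have[:len(prefix)] == prefix:
            return [f for f in fixed if parse(f) > have]
    return None

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("nas-01", "QTS", "5.2.7.3300"),
    ("nas-02", "QuTS hero", "h5.2.8.3321"),
    ("nas-03", "QuTS hero", "h5.3.0.3192"),
    ("nas-01", "Qfiling", "3.13.0"),
    ("mac-07", "Qsync (Mac)", "5.1.10"),
]

def report(inventory):
    return {(host, prod): missing_fixes(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    for (host, prod), todo in report(INVENTORY).items():
        print(f"{host:8} {prod:12} {'up to date' if not todo else 'needs ' + ', '.join(todo)}")
```

A result of `None` means the installed branch is not in the article's list, so it needs to be checked against Qnap's own advisories instead.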