QNAP Closes Serious Vulnerabilities in Software for NAS Systems
QNAP reports fixing several software vulnerabilities for its NAS systems, including in the Qusbcam2 software. The company’s switches that run QuNetSwitch were also vulnerable.
QNAP reports in a security warning that Qusbcam2 had a critical buffer overflow vulnerability that attackers could exploit to arbitrarily execute code on vulnerable systems. The issue has been resolved with Qusbcam2 1.1.4 on QTS 4.5.4, QTS 4.3.6 and QuTS h4.5.3 and later versions. The software makes it possible to connect an external camera to a NAS system and view the image remotely.
The QTS, QuTS hero, and QuTScloud operating systems were found to have two stack buffer overflow errors that allowed the running of malicious code. QNAP marks these issues as “serious” but not critical.
Critical are two stack buffer overflow problems of NVR Storage Expansion. These have been fixed with version 1.0.6 and later versions of this network video recording software. Finally, a vulnerability has been fixed in the QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. This made it possible to read sensitive data.
| Updates QTS, QuTS hero and QuTScloud | Updates QSW and QuNetSwitch |
| QTS 5.0.0.1716 build 20210701 and later | QSW-M2116P-2T2S 1.0.6 build 210713 and later |
| QTS 4.5.4.1715 build 2021063 and later | QGD-1600P: QuNetSwitch 1.0.6.1509 and later |
| QTS 4.3.6.1750 build 20210730 and later | QGD-1602P: QuNetSwitch 1.0.6.1509 and later |
| QTS 4.3.3.1693 build 2020624 and later | QGD-3014PT: QuNetSwitch 1.0.6.1519 and later |
| QuTS hero h4.5.4.1771 build 2020825 and later | |
| QuTScloud c4.5.6.1755 and later |