mickmick.net

QNAP NAS Multiple Vulnerabilities

Release Date: 25 Sep 2023

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.

---

Impact

• Remote Code Execution
• Data Manipulation

---

System / Technologies affected

• QTS version prior to 4.3.6.2441 build 20230621
• QTS version prior to 4.3.4.2451 build 20230621
• QTS version prior to 4.3.3.2420 build 20230621
• QTS version prior to 4.2.6 build 20230621
• QTS version prior to 5.1.0.2348 build 20230325
• QuTS hero version prior to h5.1.0.2392 build 20230508
• QuTScloud version prior to c5.0.1.2374
• Multimedia Console version prior to 2.1.1 (2023/03/29)
• Multimedia Console version prior to 1.4.7 (2023/03/20)

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
  https://www.qnap.com/en/security-advisory/QSA-23-12
  https://www.qnap.com/en/security-advisory/QSA-23-25
  https://www.qnap.com/en/security-advisory/QSA-23-29

---

Vulnerability Identifier

• CVE-2006-20001
• CVE-2022-36760
• CVE-2022-37436
• CVE-2023-23363
• CVE-2023-23364

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/QSA-23-12
• https://www.qnap.com/en/security-advisory/QSA-23-25
• https://www.qnap.com/en/security-advisory/QSA-23-29