mickmick.net

QNAP NAS Multiple Vulnerabilities

Release Date: 9 Jan 2024

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and data manipulation on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service
• Data Manipulation

---

System / Technologies affected

• QTS version prior to 5.1.3.2578 build 20231110 
• QTS version prior to 5.1.4.2596 build 20231128
• QuTS hero version prior to h5.1.3.2578 build 20231110
• QuTS hero version prior to h5.1.4.2596 build 20231128

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
  https://www.qnap.com/en/security-advisory/qsa-23-22
  https://www.qnap.com/en/security-advisory/qsa-23-27
  https://www.qnap.com/en/security-advisory/qsa-23-54
  https://www.qnap.com/en/security-advisory/qsa-23-64

---

Vulnerability Identifier

• CVE-2022-43634
• CVE-2023-39294
• CVE-2023-39296
• CVE-2023-45039
• CVE-2023-45040
• CVE-2023-45041
• CVE-2023-45042
• CVE-2023-45043
• CVE-2023-45044

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/qsa-23-22
• https://www.qnap.com/en/security-advisory/qsa-23-27
• https://www.qnap.com/en/security-advisory/qsa-23-54
• https://www.qnap.com/en/security-advisory/qsa-23-64