Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and security restriction bypass on the targeted system.
Impact
Information Disclosure
Security Restriction Bypass
System / Technologies affected
QTS version prior to 4.5.4.2467 build 20230718
QTS version prior to 5.0.1.2425 build 20230609
QTS version prior to 5.1.0.2444 build 20230629
QuTS hero version prior to h4.5.4.2476 build 20230728
QuTS hero version prior to h5.1.0.2424 build 20230609
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
https://www.qnap.com/en/security-advisory/qsa-23-58
https://www.qnap.com/en/security-advisory/qsa-23-59
https://www.qnap.com/en/security-advisory/qsa-23-60