QNAP Systems, Inc. is addressing recently reported vulnerabilities in their QTS operating system and has released updates to fix all confirmed vulnerabilities, including one with a medium severity level, while also committing to addressing and releasing fixes for high or critical severity vulnerabilities within 45 days and medium severity vulnerabilities within 90 days in the future.
- Prompt response to identified vulnerabilities
- Regular updates and fixes for security issues
- Commitment to collaboration with security researchers
QNAP Systems, Inc. (QNAP) is dedicated to upholding the highest security standards for our products. Recently, we were made aware of several vulnerabilities in our QTS operating system, as reported by WatchTowr Labs. We want to address these findings and outline the actions we are taking to resolve these issues.
We greatly appreciate the efforts of security researchers in identifying potential vulnerabilities in our products. Out of the fifteen vulnerabilities reported, we have assigned CVE IDs to those that have been confirmed. We are pleased to announce that all confirmed vulnerabilities have been addressed in the QTS 5.1.7 / QuTS hero h5.1.7, which is available now.
One of the reported vulnerabilities, CVE-2024-27130, was caused by the unsafe use of the ‘strcpy’ function in the No_Support_ACL function. This vulnerability can be exploited when sharing media with external users. However, we want to assure our users that all QTS 4.x and 5.x versions have Address Space Layout Randomization (ASLR) enabled, significantly increasing the difficulty for attackers to exploit this vulnerability. Therefore, we have assessed its severity as Medium. Nevertheless, we strongly recommend updating to QTS 5.1.7 / QuTS hero h5.1.7 as soon as possible for enhanced protection.
We understand that coordination issues may have occurred between the product release schedule and the disclosure of these vulnerabilities, and we regret any inconvenience caused. To prevent such issues in the future, we are taking steps to improve our processes and coordination.
Moving forward, we are committed to promptly addressing and releasing fixes for High or Critical severity vulnerabilities within 45 days. For Medium severity vulnerabilities, we will complete remediation and release fixes within 90 days.
We apologize for any inconvenience caused and remain dedicated to continuously enhancing our security measures. Our goal is to collaborate closely with researchers worldwide to ensure the utmost security for our products. We strongly recommend regularly updating your system to the latest version to benefit from vulnerability fixes. Please check the product support status for the latest updates available for your NAS model.
Thank you for your understanding and ongoing support.
QNAP Product Security Incident Response Team (PSIRT)
Security Advisory: QSA-24-20, QSA-24-23
About Our Team
Our team comprises industry insiders with extensive experience in computers, semiconductors, games, and consumer electronics. With decades of collective experience, we’re committed to delivering timely, accurate, and engaging news content to our readers.
Background Information
About QNAP:
QNAP Systems, founded in Taipei in 2004 by Meiji Chang, has become a global leader in NAS solutions with a strong focus on innovation and user-friendly design. Their strategic partnerships with industry giants and their commitment to pushing the boundaries of what NAS devices can do make them a noteworthy player in the tech world.Latest Articles about QNAP
Technology Explained
NAS: Network Attached Storage (NAS) is a specialized storage device or server that provides centralized data storage and access over a network, usually using Ethernet connections. NAS systems are designed to offer a convenient and efficient way to store and share files among multiple users or devices within a home or office environment. Unlike traditional storage solutions, NAS devices operate independently and have their own operating systems and management interfaces. They are characterized by easy setup and configuration, making them accessible even to users with limited technical expertise. NAS devices can offer various features, including data redundancy through RAID configurations, remote access over the internet, automatic backup, media streaming, and even application hosting in some advanced models. As a versatile and user-friendly storage solution, NAS has become a popular choice for both personal and small business use.
Latest Articles about NAS
Trending Posts
S.T.A.L.K.E.R. 2: Heart of Chornobyl Pushed to November 20, introduces Fresh Trailer
NZXT’s PC Rental Program Under Fire: Predatory Practices and Deceptive Tactics Revealed
NZXT about to launch the H6 Flow RGB, a HYTE Y60’ish Mid tower case
Intel’s CPU Roadmap: 15th Gen Arrow Lake Arriving Q4 2024, Panther Lake and Nova Lake Follow
NVIDIA GeForce NOW Expands Library with Indiana Jones and Twelve New Titles
Evergreen Posts
NZXT about to launch the H6 Flow RGB, a HYTE Y60’ish Mid tower case
Intel’s CPU Roadmap: 15th Gen Arrow Lake Arriving Q4 2024, Panther Lake and Nova Lake Follow
HYTE teases the “HYTE Y70 Touch” case with large touch screen
NVIDIA’s Data-Center Roadmap Reveals GB200 and GX200 GPUs for 2024-2025
S.T.A.L.K.E.R. 2: Heart of Chornobyl Pushed to November 20, introduces Fresh Trailer