Socialpost

Complete News World

QNAP: Vulnerabilities have been fixed in the QTS plugin

qnap-logo

Manufacturer QNAP has now closed a command-injection vulnerability in the media streaming add-on. Both QTS OS and QuTS Hero Edition are affected by the vulnerability. Thanks to the vulnerability, attackers can hack QNAP NAS devices and execute arbitrary code, among other things. Since the vulnerability can be exploited remotely, all users are instructed to import the published updates immediately. QNAP rates the vulnerability as High. The corresponding information page can be found Here. The vulnerability is listed as CVE-2021-34362.

The following versions should be updated immediately:

  • QTS 5.0.0: Media Streaming Addon from version 500.0.0.3 (2021/08/20) or higher
  • QTS 4.5.4: Media Streaming Addon from version 500.0.0.3 (2021/08/20) or higher
  • QTS 4.3.3: Media Streaming Addon from version 430.1.8.12 (2021/09/29) or higher
  • QuTS hero h5.0.0: Media Streaming Addon from version 500.0.0.3 (2021/08/20) or higher

To install the aforementioned firmware update, you must first log into QTS as an administrator. You can then search for the “media streaming add-on” using the search function in the App Center. The update process begins with a subsequent click on “Updates”.

Prices and availability
QNAP Turbo Station TS-873A-8G, 8GB RAM, 2x 2.5GB – T.
unavailable unavailable

From 1,073.02 €