[QNAP] Security Alert for Firmware Update Vulnerabilities

Press releases from QNAP and information about changes and other matters concerning this forum.

Post by micke

Release date: January 18, 2017
Last updated: January 19, 2017
Bulletin ID: NAS-201701-18
Severity rating: Medium
Affected products:
  • All QNAP NAS running QTS

Summary

QNAP is currently addressing several vulnerabilities reported by F-Secure, a cyber security company. Based on the proof-of-concept exploit, successful attacks during the firmware update process may grant attackers administrator access to the NAS. However, these vulnerabilities are not easily exploited if the NAS is connected to a wired environment.

We will update QTS and then release fixes as soon as possible. In the meantime, users can choose to disable automatic updates and avoid clicking the "Check for Update" button on the Live Update tab. Instead, QNAP recommends performing a manual update from the Firmware Update tab.

Disabling Live Update
  1. Log on as administrator to the QTS web console.
  2. Go to "Control Panel" > "Firmware Update" > "Live Update".
  3. Deselect "Automatically check if a newer version is available when logging into the NAS web administration interface".
  4. Click "Apply".

https://www.qnap.com/en/support/con_show.php?cid=109