Manufacturer QNAP has now closed a command-injection vulnerability in the media streaming add-on. Both QTS OS and QuTS Hero Edition are affected by the vulnerability. Thanks to the vulnerability, attackers can hack QNAP NAS devices and execute arbitrary code, among other things. Since the vulnerability can be exploited remotely, all users are instructed to import the published updates immediately. QNAP rates the vulnerability as High. The corresponding information page can be found Here. The vulnerability is listed as CVE-2021-34362.
The following versions should be updated immediately:
- QTS 5.0.0: Media Streaming Addon from version 500.0.0.3 (2021/08/20) or higher
- QTS 4.5.4: Media Streaming Addon from version 500.0.0.3 (2021/08/20) or higher
- QTS 4.3.3: Media Streaming Addon from version 4126.96.36.199 (2021/09/29) or higher
- QuTS hero h5.0.0: Media Streaming Addon from version 500.0.0.3 (2021/08/20) or higher
To install the aforementioned firmware update, you must first log into QTS as an administrator. You can then search for the “media streaming add-on” using the search function in the App Center. The update process begins with a subsequent click on “Updates”.
|QNAP Turbo Station TS-873A-8G, 8GB RAM, 2x 2.5GB – T.|
From 1,073.02 €
“Social media evangelist. Baconaholic. Devoted reader. Twitter scholar. Avid coffee trailblazer.”