QNAP Operating Systems Flaw

QNAP operating systems are robust, user-friendly software platforms that power NAS and NVR devices. QNAP offers four operating systems, and here below we have mentioned them:-

  • QTS
  • QuTS hero
  • QuTScloud
  • QES

Since the wide use of its operating systems and devices, a high severity or critical security flaw could easily disrupt the complete network infrastructure.

Recently, QNAP identified a high-severity vulnerability in its multiple operating systems, and the flaw has been tracked as:-

  • CVE-2022-27600

Flaw Profile

  • CVE ID: CVE-2022-27600
  • Summary: An uncontrolled resource consumption vulnerability has been reported to affect multiple QNAP operating systems. The vulnerability allows remote users to launch a denial-of-service (DoS) attack if exploited.
  • Release date: July 28, 2023
  • Security ID: QSA-23-09
  • Severity: High
  • Affected products: Certain QNAP Devices
  • Status: Resolved

This high-severity vulnerability has been found to be affecting the:-

  • QTS
  • QuTS hero
  • QuTScloud
  • QVP (QVR Pro appliances)

Fix

However, the good thing is that QNAP has already fixed the vulnerability, and here below, we have mentioned all the fixed versions:-

  • QTS 5.0.1.2277 build 20230112 and later
  • QTS 4.5.4.2280 build 20230112 and later
  • QuTS hero h5.0.1.2277 build 20230112 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 build 20230419 and later
  • QVR Pro Appliance 2.3.1.0476 and later

Recommendation

Security researchers at QNAP strongly recommended users immediately update their outdated systems and devices to mitigate this vulnerability. 

While they have also urged users to regularly update their QNAP system to the latest version for enhanced security, moreover, to see the most recent updates for your QNAP device, you can check its product support status.

How to update?

Follow these simple steps to update QTS, QuTS hero, or QuTScloud:-

  • First, as an administrator, you must log in to QTS, QuTS Hero, or QuTScloud.
  • Then, go to the Control Panel.
  • Now you have to select the System option.
  • After that, select the Firmware Update.
  • Now, under the ‘Live Update’ option, you have to click the ‘Check for Update.’

Follow these simple steps to update QVP (QVR Pro Appliances):-

  • First, as an administrator, you must log in to QVP.
  • Then, go to the Control Panel.
  • Now you have to select the System option.
  • After that, select the Firmware Update.
  • Now, select the Firmware Update tab.
  • Then, click the ‘Browse…’ option to upload the latest firmware file.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.