QTS 5.0.0 security updates for QNAP NAS devices (June 8, 2022)

A short note for readers who use QNAP NAS drives. Older builds of the QTS 5.0.0 software contain serious vulnerabilities, which were fixed on June 8, 2022 with the firmware update to QTS 5.0.0.2055 build 20220531. Installing this update is strongly recommended. Older QTS versions (4.x etc.) should have been fixed long ago.



German blog reader Singlethread pointed out this firmware update for QTS 5.x and the closed vulnerabilities in a comment in the discussion area (thanks for that). 

If anyone is using QNAP NAS devices: there are again important updates in version QTS 5.0.0.2055 build 20220531, which was released on June 08, 2022.

QNAP has disclosed more details about the closed vulnerabilities in several Security Advisories. I could not find anything about this in QNAP's overview page of published Security Advisories – the last updates are from May 2022. The background is that these are old known vulnerabilities from March and April 2022, but they have only now been closed in QTS 5.0.0.

QSA-22-06: Vulnerability CVE-2022-0778

Vulnerability CVE-2022-0778 (an infinite loop vulnerability in OpenSSL) has been known since March 29, 2022 and has actually been fixed for a long time. However, according to QSA-22-06, QNAP did not release the corresponding QTS 5.0.0 version that closes the vulnerability until June 10, 2022.

QSA-22-22: Several vulnerabilities

Security Advisory QSA-22-12 dated April 25, 2022 describes several vulnerabilities (CVE-2021-31439, CVE-2022-23121, CVE-2022-23123, CVE-2022-23122, CVE-2022-23125, CVE-2022-23124, CVE-2022-0194) in Apache HTTP Server. With the firmware update released on June 10, 2022, these vulnerabilities were also closed in QTS 5.0.0.

QSA-22-11: Several vulnerabilities

Security Advisory QSA-22-11 dated April 20, 2022 describes several vulnerabilities (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943) in Apache HTTP Server. With the firmware update released on June 10, 2022, these vulnerabilities were also closed in QTS 5.0.0.

