{"id":21317,"date":"2021-09-11T12:19:49","date_gmt":"2021-09-11T10:19:49","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21317"},"modified":"2021-09-11T12:19:49","modified_gmt":"2021-09-11T10:19:49","slug":"sicherheitspatch-fr-qnap-systeme","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/09\/11\/sicherheitspatch-fr-qnap-systeme\/","title":{"rendered":"Security patches for QNAP systems (2021\/09\/10)"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/09\/11\/sicherheitspatch-fr-qnap-systeme\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]NAS manufacturer QNAP has released security updates for devices that work with QTS, QuTS hero and QuTScloud on September 10, 2021. In addition, there are probably also security updates for routers with QuNetSwitch. The security updates are intended to close vulnerabilities that are already being exploited by attackers.<\/p>\n<p><!--more--><\/p>\n<h2>Vulnerability CVE-2018-19957<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/ab5843f04e7745219e1de0669238577c\" width=\"1\" height=\"1\">According to <a href=\"https:\/\/www.qnap.com\/en-us\/security-advisory\/qsa-21-03\" target=\"_blank\" rel=\"noopener\">this QNAP security advisory<\/a> QNAP NAS with QTS, QuTS hero and QuTScloud are affected by a vulnerability. The CVE-2018-19957 vulnerability stems from insufficient HTTP security headers and allows remote attackers to launch privacy and security attacks. The following software releases fix this vulnerability:<\/p>\n<ul>\n<li>QTS 4.5.4.1715 build 20210630 and later\n<li>QuTS hero h4.5.4.1771 build 20210825 and later\n<li>QuTScloud c4.5.6.1755 build 20210809 and later<\/li>\n<\/ul>\n<p>QNAP provides security advisories for updating the software <a href=\"https:\/\/www.qnap.com\/en-us\/security-advisory\/qsa-21-03\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<h2>CVE-2021-28816 and CVE-2021-34343<\/h2>\n<p>CVE-2021-28816 and CVE-2021-34343 denote a stack buffer overflow vulnerability in QTS, QuTS hero, and QuTScloud, respectively. If exploited, these vulnerabilities allow attackers to execute arbitrary code. The following software releases fix this vulnerability:<\/p>\n<ul>\n<li>QTS 5.0.0.1716 build 20210701 and later\n<li>QTS 4.5.4.1715 build 20210630 and later\n<li>QTS 4.3.6.1750 build 20210730 and later\n<li>QTS 4.3.3.1693 build 20210624 and later\n<li>QuTS hero h4.5.4.1771 build 20210825 and later\n<li>QuTScloud c4.5.6.1755 and later<\/li>\n<\/ul>\n<p>QNAP provides security information about updating the software <a href=\"https:\/\/www.qnap.com\/en-us\/security-advisory\/qsa-21-33\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<h2>Vulnerability CVE-2021-28813 in QuNetSwitch<\/h2>\n<p>Vulnerability <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28813\" target=\"_blank\" rel=\"noopener\">CVE-2021-28813<\/a> allows remote attackers to read sensitive information by accessing an unrestricted storage mechanism. The vulnerability affects the router that QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. According <a href=\"https:\/\/www.qnap.com\/en\/security-advisory\/qsa-21-37\" target=\"_blank\" rel=\"noopener\">to QNAP<\/a>, the vulnerability is fixed with the following firmware.<\/p>\n<ul>\n<li>QSW-M2116P-2T2S 1.0.6 build 210713 and later\n<li>QGD-1600P: QuNetSwitch 1.0.6.1509 and later\n<li>QGD-1602P: QuNetSwitch 1.0.6.1509 and later\n<li>QGD-3014PT: QuNetSwitch 1.0.6.1519 and later<\/li>\n<\/ul>\n<p>It is recommended, to update the devices as soon as possible, because it may be used in attacks to this devices. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]NAS manufacturer QNAP has released security updates for devices that work with QTS, QuTS hero and QuTScloud on September 10, 2021. In addition, there are probably also security updates for routers with QuNetSwitch. The security updates are intended to close &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/09\/11\/sicherheitspatch-fr-qnap-systeme\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[950,69],"class_list":["post-21317","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-nas","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21317"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21317\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=21317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}