Security ID : QSA-25-17

Vulnerability in Tornado

Release date : June 7, 2025
CVE identifier : CVE-2023-28370
Affected products: QES 2.2.0

Severity

Moderate

Status

Resolved

Summary

A vulnerability has been reported in Tornado that affects QES 2.2.0.

We have already fixed the vulnerability in the following version:

Affected Product	Fixed Version
QES 2.2.0	QES 2.2.1 build 20241231 and later

Recommendation

To fix the vulnerability, we recommend updating QES to the latest version.

Installing the QES Update

Log on to QES as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QES downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Attachment

QSA-25-17.json

Revision History:
V1.0 (June 07, 2025) - Published

Lager

Netværk

Udvidelsestilbehør

Overvågning

NAS

Netværk

Overvågning

Summary

Recommendation

Installing the QES Update

Choose Your Country or Region

Asia

Europe

America

Global