Security ID : NAS-201802-01
Security Advisory for Dnsmasq Vulnerabilities in Container Station
Release date : February 1, 2018
CVE identifier : CVE-2017-14491 | CVE-2017-14492 | CVE-2017-14493 | CVE-2017-14494 | CVE-2017-14495 | CVE-2017-14496 | CVE-2017-13704
Affected products: Container Station versions 1.7.2502 and earlier
Severity
Critical
Status
Resolved
Summary
A number of Dnsmasq vulnerabilities have been discovered in Container Station. If exploited, these security issues may expose NAS devices using Container Station versions 1.7.2502 and earlier to possible remote code execution or denial-of-service attacks. They may also allow attackers to access sensitive information.
We have already patched these vulnerabilities in Container Station version 1.7.2569.
Recommendation
To resolve the issue, you must update Container Station to version 1.7.2569.
If you are using any of the following NAS models, you do not need to update Container Station since they already have the latest version:
- TS-128A
- TS-228A
Upgrading to Container Station 1.7.2569
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears. - Type “Container Station”, and then press ENTER.
The Container Station application appears in the search results list. - Click Update.
A confirmation message appears. - Click OK.
The application is updated.
Revision History: V1.0 (February 01, 2018) - Published
