QNAP Systems, Inc. - Network Attached Storage (NAS)

Language

QNAP
Software Update and Security Advisory

The QNAP Security Response Team continuously investigates all security threats and releases updates as necessary to safeguard QNAP NAS users from the impact of malware and attacks.

Software Update

The best way to maintain security is to keep your software up-to-date. Update your NAS software now to prevent possible intrusions. Download the latest software updates from http://www.qnap.com/download

Common Vulnerabilities and Exposures

QNAP is a recognized CNA (CVE Numbering Authority) by the MITRE Corporation. QNAP has the power to assign a CVE ID for vulnerabilities within our software. All security issues are handled transparently.

Reporting and notification of security vulnerabilities

We encourage developers and power users to report any potential or confirmed security vulnerabilities of QNAP products to the Security Response Team. You can also subscribe to our Security Advisory Newsletter to receive timely notifications from QNAP.

Security Advisory

The list summarizes security vulnerabilities of QNAP products, and their relevant description. Please patch vulnerabilities based on the following information and solutions provided.

Date (YYYY-MM-DD) Description Severity Affected Model(s) Solution

You can count on QNAP, because…

  • QNAP cares about your information security, and we have been certified as ISO 27001:2013 compliant since 2014.
  • Use IP blacklisting and whitelisting to deny/allow access.
  • Define criteria for determining attacks, and block connections when conditions are met.
  • TLS/SSL encryption and certificate can further secure your connections.
  • Hardware-accelerated AES-256 encryption for volumes/folders to protect confidential data.
  • Use 2-step authentication to further secure your account with a time-based one-time password (OTP).
  • QNAP products have been thoroughly scanned and evaluated for vulnerabilities to ensure quality.
  • Complete backup solutions, including remote or cloud backup, snapshot and snapshot replica, to secure your data.