Search

Security ID : QSA-23-14

Vulnerability in QuFirewall on QTS, QuTS hero, and QuTScloud

  • Release date : September 8, 2023

  • CVE identifier : CVE-2023-23356

  • Affected products: QuFirewall 2.3

Severity

Moderate

Status

Resolved

Summary

An OS command injection vulnerability has been reported to affect QuFirewall on QTS, QuTS hero, and QuTScloud. If exploited, the vulnerability allows authenticated administrators to execute commands via susceptible QNAP devices via network vector.

We have already fixed the vulnerability in the following versions:

  • QuFirewall 2.3.3 (2023/03/27) and later

Recommendation

To secure your device, we recommend regularly updating your system and applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

Updating QuFirewall

  1. Log in to QTS, QuTS hero, or QuTScloud as an administrator.
  2. Open App Center and then click .
    A search box appears.
  3. Enter "QuFirewall".
    QuFirewall appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if the application is already up to date.
  5. Click OK.
    The application is updated.

Attachment

Acknowledgements: Kaibro

Revision History:
V1.0 (September 08, 2023) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top