Security Advisory for Notification Center

Summary

A reported Notification Center vulnerability may affect QNAP NAS devices running QTS 4.3.6 and earlier versions. If exploited, the vulnerability could allow remote attackers to inject Javascript code in the compromised application.

We have already fixed this issue in the following QTS versions:

• QTS 4.4.1: build 20190527 and later
• QTS 4.4.0: build 20190323 and later
• QTS 4.3.6: build 20190328 and later

Recommendation

To fix the vulnerability, we recommend updating QTS and Notification Center to their latest versions.

Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > Firmware Update.
3. Under Live Update, click Check for Update.
   QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating Notification Center

1. Log on to QTS as administrator.
2. Open the App Center, and then click the Search icon.
   A search box appears.
3. Type “Notification Center”, and then press ENTER.
   The Notification Center application appears in the search results list.
4. Click Update.
   A confirmation message appears.
5. Click OK.
   The application is updated.

Note: The Update button is not available if you are already using the latest version.