Security ID : NAS-201807-20
Security Advisory for Side-Channel Vulnerabilities
Release date : July 20, 2018
CVE identifier : CVE-2018-3639 | CVE-2018-3640
Affected products: Several QNAP NAS models
Severity
Moderate
Status
Resolved
Summary
Two vulnerabilities were recently found in Intel, AMD, and ARM processors. If exploited, these vulnerabilities could allow attackers to view sensitive information and system parameters on affected devices. These vulnerabilities affect several QNAP devices listed below.
We are currently working on solutions for these issues. We will continue updating this advisory with the latest information.
Affected NAS models
Enterprise NAS |
||
| 8-bay: | ||
|
TS-879 Pro TS-879U-RP TS-EC879U-RP |
TS-EC880 Pro TS-EC880U R2 |
TS-EC880U-RP TVS-EC880 |
| 10-bay: | ||
|
TS-1079 Pro TS-EC1080 Pro |
TVS-EC1080 | TVS-EC1080+ |
| 12-bay: | ||
|
SS-EC1279U-SAS-RP TS-1279U-RP TS-EC1279U-RP |
TS-EC1279U-SAS-RP TS-EC1280U R2 TS-EC1280U-RP |
TVS-EC1280U-SAS-RP TVS-EC1280U-SAS-RP R2 |
| 15-bay: | ||
| TVS-EC1580MU-SAS-RP | TVS-EC1580MU-SAS-RP R2 | |
| 16-bay: | ||
|
ES1640dc ES1640dc v2 TDS-16489U TS-1679U-RP |
TS-EC1679U-SAS-RP TS-EC1679U-RP TS-EC1680U R2 |
TS-EC1680U-RP TVS-EC1680U-SAS-RP TVS-EC1680U-SAS-RP R2 |
| 24-bay: | ||
| TS-EC2480U R2 | TVS-EC2480U-SAS-RP | TVS-EC2480U-SAS-RP R2 |
| TS-EC2480U-RP | ||
SMB NAS |
||
| 2-bay: | ||
| TS-253B | ||
| 4-bay: | ||
|
TS-432XU TS-432XU-RP TS-453B TS-453B mini TS-453BT3 TS-453BU |
TS-453BU-RP TS-463U TS-463U-RP TS-470 Pro TVS-463 TVS-470 |
TVS-471 TVS-471U TVS-471U-RP TVS-473 TVS-473e |
| 5-bay: | ||
| TS-563 | ||
| 6-bay: | ||
|
TS-653B TS-670 Pro TS-677 TVS-663 |
TVS-670 TVS-671 TVS-673 |
TVS-673e TVS-682 TVS-682T |
| 8-bay: | ||
|
TS-809 Pro TS-809U-RP TS-832X TS-832XU TS-832XU-RP TS-853BU TS-853BU-RP TS-863U TS-863U-RP |
TS-873U TS-873U-RP TS-877 TVS-863 TVS-863+ TVS-870 TVS-871 TVS-871T TVS-871U-RP |
TVS-873e TVS-882 TVS-882BR TVS-882BRT3 TVS-882ST2 TVS-882ST3 TVS-882T TVS-873 TS-870 Pro |
| 9-bay: | ||
| TS-932X | ||
| 12-bay: | ||
|
TS-1232XU TS-1232XU-RP TS-1253BU TS-1253BU-RP TS-1263U |
TS-1263U-RP TS-1273U TS-1273U-RP TS-1277 |
TVS-1271U-RP TVS-1282 TVS-1282T TVS-1282T3 |
| 15-bay: | ||
| TVS-1582TU | ||
| 16-bay: | ||
| TS-1635AX | TS-1673U | TS-1673U-RP |
| 18-bay: | ||
| SS-EC1879U-SAS-RP | ||
| 24-bay: | ||
| SS-EC2479U-SAS-RP | ||
Recommendations:
Since attackers may attempt to compromise QNAP devices using malicious code and applications, QNAP recommends the following precautions:
- Do not install applications from unknown third-party sources.
- Do not open or run unknown virtual machine (VM) images on your device.
- Do not run unknown software in Container Station.
Revision History: V1.0 (July 20, 2018) - Published
