Search

Security ID : QSA-20-19

Hard-coded Password Vulnerability in QES

  • Release date : December 23, 2020

  • CVE identifier : CVE-2020-2499

  • Affected products: QNAP NAS running QES

Severity

Important

Status

Resolved

Summary

A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password.

QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later.

Recommendation

To fix this vulnerability, we recommend updating QES to the latest version.

Installing the QES Update

  1. Log on to QES as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QES downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Acknowledgements: Lodestone Security

Revision History: V1.0 (December 23, 2020) - Published

仕様を選択

      もっと見る 閉じる

      当ページを他の国/地域で見る:

      気軽にお問い合わせ! show inquiry button
      open menu
      back to top