Security ID : QSA-21-61

Vulnerability in QVPN Service

Release date : January 7, 2022
Affected products: QNAP NAS running QVPN Service

Severity

Important

Status

Resolved

Summary

A vulnerability has been reported to affect QNAP NAS running QVPN Service 3.x. If exploited, the vulnerability allows attackers to run arbitrary code in the system.

We have already fixed the vulnerability in the following versions of QVPN Service:

QVPN Service 3.0.760 (2021/12/17) and later

Recommendation

To fix the vulnerability, we recommend updating QVPN Service to the latest version.

Updating QVPN Service

Log on to QTS or QuTS hero as administrator.
Open the App Center and then click .
A search box appears.
Enter "QVPN Service".
QVPN Service appears in the search results.
Click Update.
A confirmation message appears.
Note: The Update button is not available if your application is already up to date.
Click OK.
The application is updated.

Revision History: V1.0 (January 7, 2022) - Published