Security Bulletins and Advisories

Language

Security Bulletins and Advisories

This page includes important information about security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities. To help QNAP improve its products, please report security vulnerabilities to us or register to receive our latest news and future advisories via email notifications. (View QNAP Security Policy)

Date Vulnerability Severity Affected Products Solution
September 15, 2017 Security Advisory for Command Injection in Media Library Critical All QNAP NAS running QTS NAS-201709-15
September 11, 2017 Security Advisory for Command Injection in QTS and in Media Streaming Add-On Critical All QNAP NAS currently or previously installed with the Media Streaming Add-On NAS-201709-11
June 1, 2017 Security Update for Samba Writable Share Vulnerability High All NAS running QTS NAS-201705-27
May 17, 2017 Security Advisory for WannaCry Ransomware Info None NAS-201705-17
May 14, 2017 Security Vulnerability Addressed in Photo Station 5.4.1 and 5.2.7 Critical Photo Station builds earlier than version 5.4.1 (for QTS 4.3.x) and 5.2.7 (for QTS 4.2.x) NAS-201705-04
May 12, 2017 Security Advisory for Unauthorized QTS Update Critical To be confirmed NAS-201705-12
March 21, 2017 Security Vulnerabilities Addressed in QTS 4.2.4 Build 20170313 Critical All QNAP NAS running QTS NAS-201703-21
February 15, 2017 myQNAPcloud Weakness Addressed in QTS 4.2.3 Build 20170213 Medium All QNAP NAS running QTS NAS-201702-15
January 18, 2017 Security Vulnerabilities Addressed in QTS 4.2.3 Builds 20170121 and 20170124 Medium All QNAP NAS running QTS 4.2.2 and earlier NAS-201701-18
January 6, 2017 Security Vulnerabilities Addressed in QTS 4.2.3 Builds 20170121 and 20170124 Medium All QNAP NAS running QTS 4.2.2 and earlier NAS-201701-06
November 10, 2016 Security Vulnerabilities Addressed in QTS 4.2.2 Build 20161102 Medium All QNAP NAS running QTS firmware prior to 4.2.2 Build 20161102 NAS-201611-10
August 26, 2016 Security Vulnerabilities Addressed in QTS 4.2.2 Build 20160901 High All QNAP NAS running QTS firmware version 4.2.0, 4.2.1, or 4.2.2 NAS-201608-26
June 17, 2016 Medium Every QNAP NAS with firmware prior to 4.2.1 Build 20160601 NAS-201606-17
April 19, 2016 High All QNAP NAS running the Microsoft Networking service (Samba) NAS-201604-19
Sep 22, 2015 Not vulnerable None NAS-201509-22
Sep 15, 2015 Critical Every QNAP NAS with firmware prior to 4.1.4 Build 0910 and 4.2.0 RC2 (Build 0910) NAS-201509-15
Aug 7, 2015 Critical All Turbo NAS series with firmware prior to 4.1.4 build 0804 NAS-201508-07
Feb 26, 2015 Critical All Turbo NAS series running file and printing service with Microsoft networking (Samba) NAS-201502-26
Jan 29, 2015 Critical All Turbo NAS series NAS-201501-29
Dec 24, 2014 Critical All Turbo NAS series that are connected to residential gateway devices (e.g. routers) using vulnerable versions of the Allegro RomPager embedded web server NAS-201412-24
Dec 12, 2014 Critical All Turbo NAS series with firmware versions prior to 4.1.1 build 1003 and are not applied with Qfix 1.0.2 build 1008 NAS-201412-12
Dec 5, 2014 Critical All Turbo NAS series that host websites built on Joomla! 2.5.x versions prior to 2.5.27 and 3.x versions prior to 3.3.6. NAS-201412-05
Dec 4, 2014 Critical All Turbo NAS series that host websites built on WordPress versions 4.0.0 and earlier. NAS-201412-04
Nov 20, 2014 Medium All Turbo NAS series with QTS 4.1.1 and prior versions NAS-201411-20
Nov 12, 2014 Not vulnerable All Turbo NAS series are not affected by these vulnerabilities. NAS-201411-12
Nov 6, 2014 Critical All Turbo NAS series that host websites built on Drupal core 7.x versions prior to 7.32. NAS-201411-06
Oct 29, 2014 Medium All Turbo NAS series NAS-201410-29
Oct 17, 2014 Critical NAS firmware with 3.8.0 ~ QTS 4.1.1 NAS-201410-17
Oct 5, 2014 Critical All Turbo NAS models except TS-100, TS-101, TS-200 NAS-201410-05
Sep 29, 2014 Critical NAS firmware with 3.8.0 ~ QTS 4.1.1 NAS-201409-29
Aug 11, 2014 Medium All QNAP Turbo NAS with WordPress
version 3.1.2 (and previous)
NAS-201408-22
July 18, 2014 Critical NAS firmware with
QTS 4.0.0 ~ 4.0.3
NAS-201407-01
Jan. 9, 2014 Critical NAS firmware with
QTS 4.0.0 ~ 4.0.3
NAS-201401-01
Jun. 10, 2013 Medium Surveillance Station v2.0 – v2.5
Surveillance Station v3.0.0 – v3.0.2
NAS-201306-01
Sep. 21, 2009 Medium NAS Firmware 2.1.7 ~ 3.1.1 NAS-200909-01