QNAP Newsroom
Keep up to date with the latest QNAP news, awards and connect with our team
QNAP Updates Surveillance Station Pro App/QPKG to Prevent Potential Security Risk
Taipei, Taiwan, June 10, 2013 – Regarding the recently reported vulnerabilities on the QNAP® Turbo NAS with Surveillance Station Pro App/QPKG installed, QNAP has updated the Surveillance Station Pro App/QPKG and suggested that the affected Turbo NAS users immediately update to the newest version.
See below for details:
Affected Devices:
- QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 to 2.5 installed.
- QNAP Turbo NAS with QTS 4.0 and Surveillance Station Pro v3.0.0 installed.
These vulnerabilities do not exist if Surveillance Station Pro is not installed on Turbo NAS. No fix is required in this case.
Vulnerabilities:
- CWE-284: Improper Access Control CVE-2013-0142
- CWE-77: Improper Neutralization of Special Elements used in a Command CVE-2013-0143
- CWE-352: Cross-Site Request Forgery (CSRF). CVE-2013-0144
Please visit http://www.kb.cert.org/vuls/id/927644 for more information.
Solutions:
For QNAP Turbo NAS with system firmware QTS 4.0 and Surveillance Station Pro v3.0.0 installed, please go to App Center and upgrade Surveillance Station Pro to v3.0.2 or higher. Direct download links are available at:
- http://download.qnap.com/QPKG/SurveillanceStation_3.0.2_x86.zip
- http://download.qnap.com/QPKG/SurveillanceStation_3.0.2_arm-x19.zip
For QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed, please go to QPKG Center and upgrade Surveillance Station Pro to v2.6 or higher. Direct download link is available at
- http://download.qnap.com/QPKG/SurveillanceStation_2.6_x86.zip
- http://download.qnap.com/QPKG/SurveillanceStation_2.6_arm-x19.zip
Other Information:
- For any further inquiries, please contact us by email: sspro@qnap.com
- For VioStor NVR vulnerabilities, please visit VioStor forum to get the hot-fix firmware. (http://forum.qnapsecurity.com/viewtopic.php?f=50&t=183680)
“We are dedicated to providing secure and reliable solutions to our users,” said Jason Hsu, product manager of QNAP. “Our prompt response to any possible security concern is a commitment to this belief,” added Hsu.
Về QNAP
QNAP cung cấp các giải pháp công nghệ tích hợp thông qua đổi mới phần mềm, chế tạo phần cứng tinh xảo và sản xuất nội bộ. Với thế mạnh về lưu trữ, mạng và giám sát video thông minh, QNAP còn tích hợp dịch vụ đám mây để tăng cường an toàn dữ liệu, trí tuệ nhân tạo và hiệu suất quy trình làm việc. Chúng tôi hình dung NAS là một nền tảng cốt lõi kết hợp tính sẵn sàng cao, an ninh mạng, AI biên, khả năng phục hồi IT/OT và quản lý đám mây – giúp các tổ chức trong mọi ngành duy trì tính cạnh tranh trong thế giới số đang phát triển nhanh chóng.
