QNAP Releases Qfixes for Samba Writable Share Vulnerability
Taipei, Taiwan, June 2, 2017 – The administrators of the open-source software Samba have disclosed a vulnerability in their software, which can be used to execute malicious code on affected devices. QNAP® Systems, Inc is committed to protecting the privacy and data security of our users and has released Qfixes for QNAP NAS to patch this vulnerability. QNAP urges users to install these Qfixes on their QNAP NAS to protect against unauthorized access.
Samba is a network protocol for file and printer sharing. The CVE-2017-7494 remote code execution vulnerability allows clients with write permission to upload a shared library to a shared folder, and then cause the server to load and execute it. By utilizing this exploit, malicious users can run any code on remote servers and obtain administrator privileges. QNAP has provided separate Qfixes for QTS version 4.3.x and 4.2.x. QNAP recommends that users update QTS to the latest version available for their NAS, and then install the Qfix.
To learn more about how QNAP safeguards cyber security, please visit QNAP Security Bulletins and Advisories
威聯通科技股份有限公司 (QNAP Systems, Inc.)，如同其品牌所傳達「優質網路應用設備供應商」的承諾，以提供全面及先進的 NAS 網路儲存裝置及 NVR 安全監控系統解決方案為目標，讓使用者享有操作簡單、穩定性能及大儲存空間的數位應用產品。威聯通完美融合科技與設計理念，有效增進企業檔案管理、虛擬化應用、儲存空間管理，及安全監控的管理效率，同時也為家庭使用者提供多媒體影音體驗，豐富家庭娛樂生活。威聯通立足台北，用無盡的創新及熱情將優質產品帶給全世界。