QTS

QTS 是入門到中階 QNAP NAS 使用的作業系統,採用 Linux 核心及 ext4 檔案系統,讓每個人輕鬆享有可靠的儲存空間,並體驗多樣的加值功能及應用,例如快照及 Plex 媒體伺服器,此外,免費的 myQNAPcloud 服務更可讓您快速便利地存取個人私有雲。

系統
應用

QuTS hero

QuTS hero 是高階到企業級 QNAP NAS 使用的作業系統,採用 Linux 核心及 ZFS 檔案系統,並支援多種先進的資料減量技術,助您進一步降低 SSD (全快閃) 儲存空間的成本,並提升其可靠度。

系統
應用

QuTScloud

QuTScloud 是 QNAP 雲 NAS 虛擬裝置的作業系統。QuTScloud 可供部署在公有雲及本地 Hypervisor,讓您優化雲端資料運用及靈活指派資源,且訂閱成本清楚可預測。

系統
應用

QES

QES 是雙控制器 QNAP NAS 使用的作業系統,採用 FreeBSD 核心及 ZFS 檔案系統,並針對 SSD 進行最佳化,能帶來卓越的全快閃陣列效能。

系統
產品
資源

QNE Network

QNE Network 是 QNAP 的通用客戶端設備 (uCPE) 產品 QuCPE 採用的作業系統。您可在 QNE Network 上執行虛擬化網路功能 (VNF)、自由配置軟體定義網路 (SD-WAN) 並享受多重優勢,例如更合宜的成本,以及更少的管理投入。

系統
應用

QSS

QSS 是 QNAP 之網管型交換器的管理介面。您可快速啟用及配置多種網管功能,包括鏈路聚合 (LACP)、VLAN 及 RSTP,輕鬆管理您的區域網路架構。

系統

QuRouter

QuRouter 路由器管理系統專為 QNAP 路由器量身打造,幫助您輕鬆管理高速、高覆蓋率的有線無線網路,並執行 NAT、VPN、安全性與 QuWAN SD-WAN 等進階功能。

系統
應用

QVR Elite

QVR Elite 是 QNAP 之 QTS、QuTS hero 及 QNE Network 作業系統中的訂閱制網路錄影主機 (NVR) 軟體。其平易近人的月費讓一般家庭及中小企業也能打造成本合宜、功能強大且靈活可擴充的視訊監控系統。

系統
資源

QVR Pro

QVR Pro 是 QNAP 之 QVR Pro 視訊監控專用機的網路錄影主機 (NVR) 軟體。QVR Pro 更可搭配一系列軟體使用,包括人臉辨識及門禁管理等,讓運用更廣泛多元。

系統
應用
資源

QVR Face

QVR Face 是一套智慧人臉辨識解決方案,可即時分析來自連線攝影機的即時影像串流。QVR Face 更可整合多種應用情境,進行智慧考勤管理、門禁控制管理、VIP 人員提示系統及智慧零售服務等。

系統
應用
資源

智慧影像解決方案

QNAP 智慧影像解決方案提供多種不同的智慧型整合解決方案,例如視訊會議及智慧零售等,讓個人及企業生產力獲得顯著提升。

視訊會議
智慧零售
<< Back to Security Advisory List

Resolved Security Advisory for Vulnerabilities in Helpdesk, Music Station, and File Station

  • Release date: November 20, 2019
  • Security ID: NAS-201911-20
  • Severity: High
  • CVE identifier: CVE-2018-0728 | CVE-2018-0729 | CVE-2018-0730
  • Affected products: QNAP NAS devices
  • Status: Resolved

Summary

Three vulnerabilities are reported to affect all versions of Helpdesk, Music Station, and File Station.

  • CVE-2018-0728: This improper access control vulnerability in Helpdesk allows attackers to access the system logs.
  • CVE-2018-0729: This command injection vulnerability in Music Station allows attackers to execute commands on the affected device.
  • CVE-2018-0730: This command injection vulnerability in File Station allows attackers to execute commands on the affected device.

QNAP has fixed these issues in the following software versions.

Helpdesk:

  • All QTS versions: Helpdesk 3.0.0 and later

Music Station:

  • QTS 4.4.1: Music Station 5.3.5 and later
  • QTS 4.3.6: Music Station 5.2.7 and later
  • QTS 4.3.4: Music Station 5.1.11 and later
  • QTS 4.3.3: Music Station 5.1.11 and later
  • QTS 4.2.6: Music Station 4.8.8 and later

File Station:

  • QTS 4.4.1: build 20190918 and later
  • QTS 4.3.6: build 20190328 and later
  • QTS 4.3.4: build 20190325 and later
  • QTS 4.3.3: build 20190325 and later
  • QTS 4.2.6: build 20190325 and later

Recommendation

To fix these vulnerabilities, we recommend updating QTS, Helpdesk and Music Station to their latest versions.

Important:

Regardless of which version of QTS you currently use, QNAP strongly recommends updating your QTS to the latest available version for your NAS model to ensure that your device can benefit from vulnerability fixes. You can check the product support status of your NAS model.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating Helpdesk

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click.
    A search box appears.
  3. Type “Helpdesk”, and then press ENTER.
    The Helpdesk application appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

Updating Music Station

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click .
    A search box appears.
  3. Type “Music Station”, and then press ENTER.
    The Music Station application appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

 

Acknowledgements: CyCarrier CSIRT

Revision History: V1.0 (November 20, 2019) - Published

選擇規格

      顯示更多 隱藏更多

      選擇其他偏好的語言:

      open menu
      back to top