Security ID : QSA-23-14
Vulnerability in QuFirewall on QTS, QuTS hero, and QuTScloud
Release date : September 8, 2023
CVE identifier : CVE-2023-23356
Affected products: QuFirewall 2.3
Severity
Moderate
Status
Resolved
Summary
An OS command injection vulnerability has been reported to affect QuFirewall on QTS, QuTS hero, and QuTScloud. If exploited, the vulnerability allows authenticated administrators to execute commands via susceptible QNAP devices via network vector.
We have already fixed the vulnerability in the following versions:
- QuFirewall 2.3.3 (2023/03/27) and later
Recommendation
To secure your device, we recommend regularly updating your system and applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
Updating QuFirewall
- Log in to QTS, QuTS hero, or QuTScloud as an administrator.
- Open App Center and then click
.
A search box appears. - Enter "QuFirewall".
QuFirewall appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if the application is already up to date. - Click OK.
The application is updated.
Attachment
Acknowledgements: Kaibro
Revision History:
V1.0 (September 08, 2023) - Published
