資訊安全公告

Language

資訊安全公告

本頁面針對特定 QNAP機種的安全性弱點提供相關說明。請依據這些資訊及我們所提供的解決方案修正安全性弱點。為了讓 QNAP提供更好的服務,您也可以回報安全性問題給我們,或是註冊我們的安全性電子郵件通知,以便接收我們日後提出的任何建議。(查看 QNAP 資安策略)

日期 安全性弱點 等級 受影響機種 解決方案
January 18, 2017 Security Alert for Firmware Update Vulnerabilities Medium All QNAP NAS running QTS NAS-201701-18
January 6, 2017 Security Alert for Heap Overflow Vulnerability Medium All QNAP NAS NAS-201701-06
November 10, 2016 Security Vulnerabilities Addressed in QTS 4.2.2 Build 20161102 Medium All QNAP NAS running QTS firmware prior to 4.2.2 Build 20161102 NAS-201611-10
August 26, 2016 Security Vulnerabilities Addressed in QTS 4.2.2 Build 20160901 High All QNAP NAS running QTS firmware version 4.2.0, 4.2.1, or 4.2.2 NAS-201608-26
June 17, 2016 Medium Every QNAP NAS with firmware prior to 4.2.1 Build 20160601 NAS-201606-17
April 19, 2016 High All QNAP NAS running the Microsoft Networking service (Samba) NAS-201604-19
Sep 22, 2015 Not vulnerable None NAS-201509-22
Sep 15, 2015 Critical Every QNAP NAS with firmware prior to 4.1.4 Build 0910 and 4.2.0 RC2 (Build 0910) NAS-201509-15
Aug 7, 2015 Critical All Turbo NAS series with firmware prior to 4.1.4 build 0804 NAS-201508-07
Feb 26, 2015 Critical All Turbo NAS series running file and printing service with Microsoft networking (Samba) NAS-201502-26
Jan 29, 2015 Critical All Turbo NAS series NAS-201501-29
Dec 24, 2014 Critical All Turbo NAS series that are connected to residential gateway devices (e.g. routers) using vulnerable versions of the Allegro RomPager embedded web server NAS-201412-24
Dec 12, 2014 Critical All Turbo NAS series with firmware versions prior to 4.1.1 build 1003 and are not applied with Qfix 1.0.2 build 1008 NAS-201412-12
Dec 5, 2014 Critical All Turbo NAS series that host websites built on Joomla! 2.5.x versions prior to 2.5.27 and 3.x versions prior to 3.3.6. NAS-201412-05
Dec 4, 2014 Critical All Turbo NAS series that host websites built on WordPress versions 4.0.0 and earlier. NAS-201412-04
Nov 20, 2014 Medium All Turbo NAS series with QTS 4.1.1 and prior versions NAS-201411-20
Nov 12, 2014 Not vulnerable All Turbo NAS series are not affected by these vulnerabilities. NAS-201411-12
Nov 6, 2014 Critical All Turbo NAS series that host websites built on Drupal core 7.x versions prior to 7.32. NAS-201411-06
Oct 29, 2014 Medium All Turbo NAS series NAS-201410-29
Oct 17, 2014 Critical NAS firmware with 3.8.0 ~ QTS 4.1.1 NAS-201410-17
Oct 5, 2014 Critical All Turbo NAS models except TS-100, TS-101, TS-200 NAS-201410-05
Sep 29, 2014 Critical NAS firmware with 3.8.0 ~ QTS 4.1.1 NAS-201409-29
Aug 11, 2014 Medium All QNAP Turbo NAS with WordPress
version 3.1.2 (and previous)
NAS-201408-22
July 18, 2014 Critical NAS firmware with
QTS 4.0.0 ~ 4.0.3
NAS-201407-01
Jan. 9, 2014 Critical NAS firmware with
QTS 4.0.0 ~ 4.0.3
NAS-201401-01
Jun. 10, 2013 Medium
Surveillance Station v2.0 – v2.5
Surveillance Station v3.0.0 – v3.0.2
NAS-201306-01
Sep. 21, 2009 Medium NAS Firmware 2.1.7 ~ 3.1.1 NAS-200909-01