QNAP Updates
1783Warning Date
Severity Level
Warning Number
Target Sector
23 November, 2021
● High
2021-3915
All
Description:
QNAP has released security updates to address several vulnerabilities in the following product:
- QNAP NAS
- running QTS and QuTS hero
- running QmailAgent
- running Ragic Cloud DB
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Cross-site request forgery (CSRF)
- Reflected cross-site scripting (XSS)
- Execute arbitrary code
Best practice and Recommendations:
The CERT team encourages users to review QNAP security advisory and apply the necessary updates: