Main Vulnerability Database SB2020111013

SB2020111013 - Multiple vulnerabilities in QNAP QTS applications

Published: November 10, 2020

Security Bulletin ID SB2020111013

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: N/A)

The vulnerabilities allow a remote attacker to bypass implemented security restrictions.

Multiple unspecified vulnerabilities have been identified and fixed in Surveillance Station, QVPN Service, Qfiling, Qsync Central, QcalAgent, and IFTTT Agent applications.

Remediation

Install update from vendor's website.

References

https://www.qnap.com/en/release-notes/qts/4.5.1.1480/20201108