CVE-2017-17028

Name of the Vulnerable Software and Affected Versions QNAP QTS versions 4.2.6 build 20171026 through 4.3.4.0387 (Beta 2) build 20171116 and earlier

Description A buffer overflow issue in the external device function could allow remote attackers to execute arbitrary code on NAS devices.

Recommendations For QNAP QTS version 4.2.6 build 20171026, update to a version later than 4.2.6 build 20171026 to resolve the issue. For QNAP QTS version 4.3.3.0378 build 20171117, update to a version later than 4.3.3.0378 build 20171117 to resolve the issue. For QNAP QTS version 4.3.4.0387 (Beta 2) build 20171116 and earlier, update to a version later than 4.3.4.0387 (Beta 2) build 20171116 to resolve the issue. As a temporary workaround, consider restricting access to the external device function until a patch is available.