PT-2017-14672 · Qnap · Qnap Qts
Nervoir
·
Published
2017-12-20
·
Updated
2018-01-04
·
CVE-2017-17028
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QNAP QTS versions 4.2.6 build 20171026 through 4.3.4.0387 (Beta 2) build 20171116 and earlier
Description
A buffer overflow issue in the external device function could allow remote attackers to execute arbitrary code on NAS devices.
Recommendations
For QNAP QTS version 4.2.6 build 20171026, update to a version later than 4.2.6 build 20171026 to resolve the issue.
For QNAP QTS version 4.3.3.0378 build 20171117, update to a version later than 4.3.3.0378 build 20171117 to resolve the issue.
For QNAP QTS version 4.3.4.0387 (Beta 2) build 20171116 and earlier, update to a version later than 4.3.4.0387 (Beta 2) build 20171116 to resolve the issue.
As a temporary workaround, consider restricting access to the external device function until a patch is available.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Qts