PT-2021-8833 · Qnap · Qnap Nas Qts+2
Published
2021-09-10
·
Updated
2021-09-23
·
CVE-2018-19957
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
QNAP NAS QTS versions prior to 4.5.4.1715 build 20210630
QNAP NAS QuTS hero versions prior to h4.5.4.1771 build 20210825
QNAP NAS QuTScloud versions prior to c4.5.6.1755 build 20210809
Description
A vulnerability involving insufficient HTTP security headers has been reported, allowing remote attackers to launch privacy and security attacks.
Recommendations
For QNAP NAS QTS versions prior to 4.5.4.1715 build 20210630, update to QTS 4.5.4.1715 build 20210630 or later.
For QNAP NAS QuTS hero versions prior to h4.5.4.1771 build 20210825, update to QuTS hero h4.5.4.1771 build 20210825 or later.
For QNAP NAS QuTScloud versions prior to c4.5.6.1755 build 20210809, update to QuTScloud c4.5.6.1755 build 20210809 or later.
Fix
Clickjacking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qnap Nas Qts
Qnap Nas Quts Hero
Qnap Nas Qutscloud