QuTScloud

QuTScloud is the operating system for QNAP Cloud NAS virtual appliances. With the possibility of on-premises and cloud deployment, QuTScloud enables optimized cloud data usage and flexible resource allocation at a predictable monthly cost.

System
Applications

QES

QES is the operating system for dual-controller QNAP NAS models. With FreeBSD and ZFS, QES is flash-optimized, capable of driving outstanding performance for all-flash storage arrays.

System
Product
Resources

QNE Network

QNE Network is the operating system for QuCPE, QNAP's universal customer premises equipment series. Run virtual network functions, freely configure software-defined networks, and enjoy benefits such as lowered costs and reduced management efforts.

System
Applications

QSS

QNAP Switch System (QSS) is the configuration interface for QNAP's managed switch series. Enable management functions such as link aggregation, VLAN, and RSTP, to take care of your network topology with ease.

System

QuRouter

QNAP’s QuRouter OS simplifies managing high-speed and high-coverage LAN/WAN. With NAT, VPN, security, and QuWAN SD-WAN, network management is made easier and remote connections more secure.

System
Applications

QVR Surveillancee

QVR Surveillance is QNAP’s network video recorder software solution. It offers subscription-based QVR Elite and perpetual QVR Pro, and can be used with a series of apps, such as face recognition and door access control for a wider range of scenarios.

System
Applications
Resources

QVR Face

QVR Face is a smart facial recognition solution featuring real-time live streaming video analytics from connected cameras. It can be integrated into multiple scenarios to provide intelligent attendance management, door access control management, VIP welcome systems and smart retail services.

System
Applications
Resources

KoiMeeter

QNAP smart video solutions provides integrated intelligent packages such as video conferencing and smart retail, boosting productivity for individuals and businesses.

Video Conferencing
Smart Retail

Security ID : QSA-21-38

Command Injection Vulnerability in QVR


  • Release date : October 1, 2021

  • CVE identifier : CVE-2021-34352

  • Affected products: Certain QNAP EOL devices running QVR

Severity

Medium

Status

Resolved


Summary

A command injection vulnerability has been reported to affect certain QNAP EOL devices running QVR. If exploited, this vulnerabiliy allows remote attackers to run arbitrary commands.

We have already fixed these vulnerabilities in the following versions of QVR:

  • QVR 5.1.5 build 20210902 and later

Recommendation

To secure your device, we strongly recommend updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your device model.

Updating QVR

  1. Log on to QVR as administrator.
  2. Go to Control Panel > System Settings > Firmware Update.
  3. Under Live Update, click Check for Update.
    QVR downloads and installs the latest available update.

Tip: You can also download the update from https://www.qnapsecurity.com/. Go to Support > Download and then perform a manual update for your specific device.

Acknowledgements: 360 的安全研究员 侯留洋(houliuyang@360.cn)和叶根深(yegenshen@360.cn)

Revision History: V1.0 (October 1, 2021) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top