
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN320
_____________________________________________________________________

DATE                : 14/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): QNAP NAS systems running Roon Server
                           versions prior to 2021-05-18.

=====================================================================
https://www.qnap.com/fr-fr/security-advisory/qsa-21-17
_____________________________________________________________________

Vulnerability in Roon Server

    Release date: May 14, 2021
    Security ID: QSA-21-17
    Severity: Critical
    CVE identifier: CVE-2021-28810 | CVE-2021-28811
    Affected products: QNAP NAS running Roon Server
    Status: Resolved


Summary

The QNAP security team has detected an attack campaign in the wild
related to a vulnerability in Roon Server. QNAP NAS running the
following versions of Roon Server may be susceptible to attack:

    Roon Server 2021-02-01 and earlier


Roon Labs has already fixed this vulnerability in the following
versions:

    Roon Server 2021-05-18 and later


Recommendation

To fix the vulnerability, we recommend updating Roon Server to the
latest version.


Updating Roon Server

    1. Log on to QTS or QuTS hero as administrator.
    2. Open the App Center and then click .
       A search box appears.
    3. Type “Roon Server” and then press ENTER.
       Roon Server appears in the search results.
    4. Click Update.
       A confirmation message appears.
       Note: The Update button is not available if your version is already
       up to date.
    5. Click OK.
       The application is updated.


Acknowledgements: Beijing Venustech Cybervision Co. Ltd

Revision History:
V2.1 (June 8, 2021) - Update CVE ID and Acknowledgements
V2.0 (June 4, 2021) - Issue Resolved
V1.0 (May 14, 2021) - Published


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



