====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN677
_____________________________________________________________________

DATE                : 30/12/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running
               QTS 4.5.4.1787 build 20210910 and later
               QuTS hero h4.5.4.1771 build 20210825 and later
               QuTScloud c4.5.7.1864 and later

=====================================================================
https://www.qnap.com/fr-fr/security-advisory/qsa-21-53
_____________________________________________________________________


Release date: December 30, 2021
Security ID: QSA-21-53
Severity: Medium
CVE identifier: CVE-2021-34347
Affected products: All QNAP NAS
Status: Resolved
Summary
A vulnerability involving exposure of sensitive information has been
reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. If
exploited, this vulnerability allows attackers to compromise the
security of the system.



We have already fixed this vulnerability in the following versions of
QTS, QuTS hero, and QuTScloud:



QTS 4.5.4.1787 build 20210910 and later
QuTS hero h4.5.4.1771 build 20210825 and later
QuTScloud c4.5.7.1864 and later


Recommendation
To secure your device, we recommend regularly updating your system to
the latest version to benefit from vulnerability fixes. You can check
the product support status to see the latest updates available to your
NAS model.



Updating QTS, QuTS hero, or QuTScloud

Log on to QTS, QuTS hero, or QuTScloud as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QTS, QuTS hero, or QuTScloud downloads and installs the latest available
update.
Tip: You can also download the update from the QNAP website. Go to
Support > Download Center and then perform a manual update for your
specific device.

Acknowledgements: XUELIANG SUN

Revision History: V1.0 (December 30, 2021) - Published

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================