=====================================================================

                           CERT-Renater

                 Note d'Information No. 2022/VULN010
_____________________________________________________________________

DATE                : 10/01/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running QNAP QVPN

=====================================================================
https://www.qnap.com/fr-fr/security-advisory/qsa-21-61
_____________________________________________________________________
Summary
A vulnerability has been reported to affect QNAP NAS running QVPN
Service 3.x. If exploited, the vulnerability allows attackers to run
arbitrary code in the system.



We have already fixed the vulnerability in the following versions of
QVPN Service:



QVPN Service 3.0.760 (2021/12/17) and later


Recommendation
To fix the vulnerability, we recommend updating QVPN Service to the
latest version.



Updating QVPN Service

Log on to QTS or QuTS hero as administrator.
Open the App Center and then click .
A search box appears.
Enter "QVPN Service".
QVPN Service appears in the search results.
Click Update.
A confirmation message appears.
Note: The Update button is not available if your application is already
up to date.
Click OK.
The application is updated.


Revision History: V1.0 (January 7, 2022) - Published

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================