=====================================================================

                                CERT-Renater

                      Note d'Information No. 2023/VULN414

_____________________________________________________________________

DATE                : 18/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): QTS versions prior to 5.1.0.2444 build 20230629,
               5.0.1.2425 build 20230609, 4.5.4.2467 build 20230718,
               QuTS hero versions prior to h5.1.0.2424 build 20230609,
               h5.0.1.2515 build 20230907, h4.5.4.2476 build 20230728,
                        QuTScloud versions prior to c5.1.0.2498.

=====================================================================
https://www.qnap.com/en/security-advisory/qsa-23-42
https://www.qnap.com/en/security-advisory/qsa-23-41
_____________________________________________________________________

Security ID : QSA-23-42
Vulnerability in QTS, QuTS hero, and QuTScloud

     Release date : October 14, 2023

     CVE identifier : CVE-2023-32974

     Affected products: QTS 5.1.x, QuTS hero h5.1.x, QuTScloud c5.x


Severity
High

Status
Resolved


Summary

A path traversal vulnerability has been reported to affect several QNAP
operating system versions. If exploited, the vulnerability could allow
users to read and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:

Affected Product         Fixed Version
QTS 5.1.x                QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.x         QuTS hero h5.1.0.2424 build 20230609 and later
QuTScloud c5.x           QuTScloud c5.1.0.2498 and later


Recommendation

To secure your device, we recommend regularly updating your system to
the latest version to benefit from vulnerability fixes. You can check
the product support status to see the latest updates available to your
NAS model.


Updating QTS, QuTS hero, or QuTScloud

     Log in to QTS, QuTS hero, or QuTScloud as an administrator.
     Go to Control Panel > System > Firmware Update.
     Under Live Update, click Check for Update.
     The system downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to
Support > Download Center and then perform a manual update for your
specific device.


Attachment

     CVE-2023-32974.json


Acknowledgements: huasheng_mangguo


Revision History:
V1.0 (October 14, 2023) - Published

_____________________________________________________________________


Security ID : QSA-23-41
Vulnerabilities in QTS, QuTS hero, and QuTScloud

     Release date : October 14, 2023

     CVE identifier : CVE-2023-32970 | CVE-2023-32973

     Affected products: QTS 5.1.x, 5.0.x, 4.5.x; QuTS hero h5.1.x,
h5.0.x, h4.5.x; QuTScloud c5.x


Severity
Medium

Status
Resolved


Summary

Two vulnerabilities have been reported to affect several QNAP
operating system versions:

     CVE-2023-32970: If exploited, the null pointer dereference 
vulnerability
could allow authenticated administrators to launch a denial-of-service (DoS)
attack via a network.

     CVE-2023-32973: If exploited, the buffer copy without checking size of
input vulnerability could allow authenticated administrators to execute
code via a network.

We have already fixed the vulnerabilities in the following versions:

Affected Product       Fixed Version
QTS 5.1.x              QTS 5.1.0.2444 build 20230629 and later
QTS 5.0.x              QTS 5.0.1.2425 build 20230609 and later
QTS 4.5.x              QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.x       QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h5.0.x       QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h4.5.x       QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.x         QuTScloud c5.1.0.2498 and later


Recommendation

To secure your device, we recommend regularly updating your system to the
latest version to benefit from vulnerability fixes. You can check the
product support status to see the latest updates available to your NAS
model. In addition, for online activities, it's recommended to access
the web through secure and trusted networks.


Updating QTS, QuTS hero, or QuTScloud

     Log in to QTS, QuTS hero, or QuTScloud as an administrator.
     Go to Control Panel > System > Firmware Update.
     Under Live Update, click Check for Update.
     The system downloads and installs the latest available update.


Tip: You can also download the update from the QNAP website. Go to
Support > Download Center and then perform a manual update for your
specific device.


Attachment

     CVE-2023-32970.json
     CVE-2023-32973.json


Acknowledgements: Jiaxu Zhao && Bingwei Peng


Revision History:
V1.0 (October 14, 2023) - Published


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================