QNAP - Vulnerability march 2025
QNAP vulnerability list of march 2025. Multiple vulnerabilities have been discovered in Qnap products. Some of these allow an attacker to trigger remote arbitrary code execution, data confidentiality breaches, and data integrity violations.
Instructions to update (from QNAP)
Updating QTS or QuTS hero
- Log in to QTS or QuTS hero as an administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
The system downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.
All versions bellow are vulnerable. Please update to last version available :
- File Station versions 5.5.x prior to 5.5.6.4741
- HBS 3 Hybrid Backup Sync versions 25.1.x prior to 25.1.4.952
- Helpdesk versions 3.3.x prior to 3.3.3
- Qfinder Pro Mac versions 7.11.x prior to 7.11.1
- Qsync Client versions 5.1.x prior to 5.1.3 for Mac
- QTS versions 4.5.x prior to 4.5.4.2957 build 20241119
- QTS versions 5.1.x prior to 5.1.9.2954 build 20241120
- QTS versions 5.2.x prior to 5.2.3.3006 build 20250108
- QuLog Center versions 1.7.x prior to 1.7.0.829
- QuLog Center versions 1.8.x prior to 1.8.0.888
- QuRouter versions 2.4.x prior to 2.4.6.028
- QuTS hero versions h4.5.x prior to h4.5.4.2956 build 20241119
- QuTS hero versions h5.1.x prior to h5.1.9.2954 build 20241120
- QuTS hero versions h5.2.x prior to h5.2.3.3006 build 20250108
- QVPN Device Client versions 2.2.x prior to 2.2.5 for Mac
