Attackers could target Qnap network-attached storage (NAS) devices and switches and, for example, access data that is supposed to be isolated. Security updates fix the issues.
A vulnerability (CVE-2021-28814, "high") in the Helpdesk app threatens all NAS models, Qnap warns in a post. Due to insufficient access control, remote attackers could access the app. It is not yet known what attacks might look like. The patched version, Helpdesk 3.0.4, is available as an update in the App Center.
Affected Switch Models
Two vulnerabilities (CVE-2021-28805, "high", and CVE-2021-288801, "low") affect the QSS firmware of the switch models QSW-M2108-2C, QSW-M2108-2S, QSW-M2108R-2C and QSW-M408. Among other things, Qnap speaks of "sensitive information" in the source code that attackers could access. The developers have closed the gaps in QSS versions 1.0.2 build 20210122, 1.0.3 build 20210505 and 1.0.12 build 20210506.
List sorted by threat level in descending order: