Call a Specialist Today! (02) 9388 1741
Free Delivery! Free Delivery!

The Latest QNAP Networks News
Product and Solution Information, Press Releases, Announcements

QNAP Updates Surveillance Station Pro App/QPKG to Prevent Potential Security Risk
Posted: Mon Jun 10, 2013 02:01:56 PM
 

Taipei, Taiwan -- June 10, 2013 -- Regarding the recently reported vulnerabilities on the QNAP® Turbo NAS with Surveillance Station Pro App/QPKG installed, QNAP has updated the Surveillance Station Pro App/QPKG and suggested that the affected Turbo NAS users immediately update to the newest version.

See below for details:

Affected Devices:

  1. QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 to 2.5 installed.

  2. QNAP Turbo NAS with QTS 4.0 and Surveillance Station Pro v3.0.0 installed.

These vulnerabilities do not exist if Surveillance Station Pro is not installed on Turbo NAS. No fix is required in this case.

Vulnerabilities:

  • CWE-284: Improper Access Control CVE-2013-0142

  • CWE-77: Improper Neutralization of Special Elements used in a Command CVE-2013-0143

  • CWE-352: Cross-Site Request Forgery (CSRF). CVE-2013-0144

Solutions:

For QNAP Turbo NAS with system firmware QTS 4.0 and Surveillance Station Pro v3.0.0 installed, please go to App Center and upgrade Surveillance Station Pro to v3.0.2 or higher. Direct download links are available at:

  • http://download.qnap.com/QPKG/SurveillanceStation_3.0.2_x86.zip

  • http://download.qnap.com/QPKG/SurveillanceStation_3.0.2_arm-x19.zip

For QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed, please go to QPKG Center and upgrade Surveillance Station Pro to v2.6 or higher. Direct download link is available at

  • http://download.qnap.com/QPKG/SurveillanceStation_2.6_x86.zip

  • http://download.qnap.com/QPKG/SurveillanceStation_2.6_arm-x19.zip

Other Information:

  1. For any further inquiries, please contact us by email: [email protected]

  2. For VioStor NVR vulnerabilities, please visit VioStor forum to get the hot-fix firmware. (http://forum.qnapsecurity.com/viewtopic.php?f=50&t=183680)

“We are dedicated to providing secure and reliable solutions to our users,” said Jason Hsu, product manager of QNAP. “Our prompt response to any possible security concern is a commitment to this belief,” added Hsu.

 
« Return to News List