QuTScloud

QuTScloud is the operating system for QNAP Cloud NAS virtual appliances. With the possibility of on-premises and cloud deployment, QuTScloud enables optimized cloud data usage and flexible resource allocation at a predictable monthly cost.

System
Applications

QES

QES is the operating system for dual-controller QNAP NAS models. With FreeBSD and ZFS, QES is flash-optimized, capable of driving outstanding performance for all-flash storage arrays.

System
Product
Resources

QNE Network

QNE Network is the operating system for QuCPE, QNAP's universal customer premises equipment series. Run virtual network functions, freely configure software-defined networks, and enjoy benefits such as lowered costs and reduced management efforts.

System
Applications

QSS

QNAP Switch System (QSS) is the configuration interface for QNAP's managed switch series. Enable management functions such as link aggregation, VLAN, and RSTP, to take care of your network topology with ease.

System

QuRouter

QNAP’s QuRouter OS simplifies managing high-speed and high-coverage LAN/WAN. With NAT, VPN, security, and QuWAN SD-WAN, network management is made easier and remote connections more secure.

System
Applications

QVR Surveillancee

QVR Surveillance is QNAP’s network video recorder software solution. It offers subscription-based QVR Elite and perpetual QVR Pro, and can be used with a series of apps, such as face recognition and door access control for a wider range of scenarios.

System
Applications
Resources

QVR Face

QVR Face is a smart facial recognition solution featuring real-time live streaming video analytics from connected cameras. It can be integrated into multiple scenarios to provide intelligent attendance management, door access control management, VIP welcome systems and smart retail services.

System
Applications
Resources

KoiMeeter

QNAP smart video solutions provides integrated intelligent packages such as video conferencing and smart retail, boosting productivity for individuals and businesses.

Video Conferencing
Smart Retail

Security ID : QSA-21-11

SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On


  • Release date : April 16, 2021

  • CVE identifier : CVE-2020-36195

  • Affected products: QNAP NAS running Multimedia Console or the Media Streaming add-on

Severity

Critical

Status

Resolved


Summary

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.

If exploited, the vulnerability allows remote attackers to obtain application information.

We have already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.

  • QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later
  • QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later
  • QTS 4.4.x and later: Multimedia Console 1.3.4 and later

We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:

  • QTS 4.3.3.1624 Build 20210416 and later
  • QTS 4.3.6.1620 Build 20210322 and later

Recommendation

To fix the vulnerability, we recommend updating Multimedia Console or the Media Streaming add-on to the latest version. Additionally for devices running QTS 4.3.3 and QTS 4.3.6, updating QTS is highly recommended.

Updating QTS

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating Multimedia Console

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “Multimedia Console” and then press ENTER.
    Multimedia Console appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Multimedia Console is already up to date.
  5. Click OK.
    The application is updated.

Updating the Media Streaming Add-On

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “Media Streaming add-on” and then press ENTER.
    The Media Streaming add-on appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Media Streaming add-on is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Yaniv Puyeski

Revision History:
V2.0 (April 29, 2021) - Minor correction
V1.0 (April 16, 2021) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top