Security Advisory for Media Streaming Add-on

Summary

A reported Media Streaming add-on vulnerability may affect QNAP NAS devices running QTS 4.2.6 and earlier versions. If exploited, the vulnerability may be used to to crash the application.

We have already fixed this issue in the following QTS versions:

• QTS 4.4.0: Media Streaming add-on 440.1.1.0 and later
• QTS 4.3.3: Media Streaming add-on 430.1.8.0 and later
• QTS 4.2.6: Media Streaming add-on 421.1.2.0 and later

Recommendation

To fix the vulnerability, we recommend updating QTS and Media Streaming add-on to their latest versions.

Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > Firmware Update.
3. Under Live Update, click Check for Update.
   QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating Media Streaming Add-On

1. Log on to QTS as administrator.
2. Open the App Center, and then click the Search icon.
   A search box appears.
3. Type “Media Streaming add-on”, and then press ENTER.
   The Media Streaming add-on application appears in the search results list.
4. Click Update.
   A confirmation message appears.
5. Click OK.
   The application is updated.

Note: The Update button is not available if you are already using the latest version.