Security Advisory for Vulnerability in noip2 Utility in QTS

Summary

A reported buffer overflow vulnerability may affect the noip2 utility found in QNAP NAS devices running QTS 4.4.1 build 20190816, QTS 4.3.6 build 20190813, and earlier versions. If exploited, the vulnerability could allow attackers to run arbitrary code on the NAS.
 
We have already fixed this issue in the following QTS versions:

• QTS 4.4.1: build 20190818 and later
• QTS 4.3.6: build 20190830 and later

Recommendation

To fix this vulnerability, we recommend updating QTS to the latest version.

Installing the QTS Update

1. Log on to QTS as administrator.
2. Go to Control Panel > System > Firmware Update.
3. Under Live Update, click Check for Update.
   QTS downloads and installs the latest available update.
4. Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.