Security ID: NAS-201908-26

Security Advisory for Vulnerability in QTS and Photo Station


  • Release date: August 26, 2019

  • CVE identifiers: CVE-2019-7192 | CVE-2019-7193 | CVE-2019-7194 | CVE-2019-7195

  • Affected products: All QNAP NAS running QTS 4.4.1 build 20190807, QTS 4.3.6 build 20190724, and earlier versions. All QNAP NAS running Photo Station versions:
    ● 5.2.10 and earlier in QTS 4.2.6
    ● 5.4.8 and earlier in QTS 4.3.3
    ● 5.7.9 and earlier in QTS 4.3.4
    ● 6.0.1 and earlier in QTS 4.4.1

Severity

Important

Status

Resolved


Summary

Multiple vulnerabilities have been reported to affect versions of QTS and Photo Station. If exploited, these vulnerabilities may allow an attacker to access or modify paths and files used in system operations, or execute arbitrary code on the system and gain unauthorized access to data.

We have already fixed these issues in the following software versions.

QTS:

  • QTS 4.4.1: build 20190816 and later
  • QTS 4.3.6: build 20190813 and later

Photo Station:

  • QTS 4.2.6: Photo Station 5.2.11 and later
  • QTS 4.3.3: Photo Station 5.4.9 and later
  • QTS 4.3.4: Photo Station 5.7.10 and later
  • QTS 4.4.1: Photo Station 6.0.2 and later

Recommendation

To fix these vulnerabilities, we recommend updating QTS and Photo Station to their latest versions.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.
    Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating Photo Station

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click .
    A search box appears.
  3. Type “Photo Station”, and then press ENTER.
    The Photo Station application appears in the search results list.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if you are using the latest version.
  5. Click OK.
    The application is updated.

 

Acknowledgements: Henry Huang from CyCarrier CSIRT

Revision history: V1.0 (September 6, 2019) - Published
