安全ID : QSA-21-10
Multiple Vulnerabilities in Twonky Server
发布日期 : April 16, 2021
受影响产品: QNAP NAS running Twonky Server
严重程度
Important
状态
已解决
Summary
Two vulnerabilities have been reported to affect earlier versions of Twonky Server.
- An improper access restriction vulnerability allows remote attackers to gain access to sensitive information, such as the administrator username and password for accessing Twonky Server settings.
- A weak password obfuscation vulnerability allows remote attackers to decrypt passwords easily.
Both vulnerabilities combined allow remote attackers to gain access to all content accessible to the server.
The vendor released version 8.5.2 to address the vulnerabilities.
Recommendation
To fix the vulnerability, we recommend updating Twonky Server to the latest version.
Updating Twonky Server
- Log on to QTS as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Twonky Server” and then press ENTER.
Twonky Server appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Twonky Server is already up to date. - Click OK.
The application is updated.
Reference:
修订历史:
V2.0 (May 13, 2021) - The security update is available
V1.0 (April 16, 2021) - Published
