安全ID : QSA-22-18
Cross-Site Request Forgery Vulnerability in Proxy Server
发布日期 : May 26, 2022
通用漏洞披露 : CVE-2021-34360
受影响产品: QNAP NAS running Proxy Server
严重程度
Moderate
状态
已解决
Summary
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP NAS running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of Proxy Server:
- QTS 4.5.x, QTS 5.0.x: Proxy Server 1.4.2 (2021/12/30) and later
- QuTS hero h5.0.x: Proxy Server 1.4.3 (2022/01/18) and later
- QuTScloud c4.5.x, QuTScloud c5.0.x: Proxy Server 1.4.2 (2021/12/30) and later
Recommendation
To fix the vulnerability, we recommend updating Proxy Server to the latest version.
Updating Proxy Server
- Log on to QTS, QuTS hero, or QuTScloud as administrator.
- Open the App Center and then click
.
A search box appears. - Enter "Proxy Server".
Proxy Server appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your application is already up to date. - Click OK.
The system updates the application.
致谢: Tony Martin, a security researcher
修订历史: V1.0 (May 26, 2022) - Published
