Vulnerability in QVPN Device Client for Windows

Summary

An insecure library loading vulnerability has been reported to affect devices running QVPN Device Client for Windows. If exploited, this vulnerability allows local authenticated users to execute code through insecure library loading.

We have already fixed the vulnerability in the following versions:

• QVPN Device Client for Windows, version 2.0.0.1316 and later 

QVPN Device Client for macOS, Android, and iOS are not affected.

Recommendation

To secure your device, we recommend regularly updating your QNAP utilities to the latest versions to benefit from vulnerability fixes. You can check the QNAP Utilities page to see the latest updates available to your device operating system.