Vulnerability in QuFirewall on QTS, QuTS hero, and QuTScloud

Summary

An OS command injection vulnerability has been reported to affect QuFirewall on QTS, QuTS hero, and QuTScloud. If exploited, the vulnerability allows authenticated administrators to execute commands via susceptible QNAP devices via network vector.

We have already fixed the vulnerability in the following versions:

• QuFirewall 2.3.3 (2023/03/27) and later

Recommendation

To secure your device, we recommend regularly updating your system and applications to their latest versions to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

Updating QuFirewall

1. Log in to QTS, QuTS hero, or QuTScloud as an administrator.
2. Open App Center and then click .
   A search box appears.
3. Enter "QuFirewall".
   QuFirewall appears in the search results.
4. Click Update.
   A confirmation message appears.
   Note: The Update button is not available if the application is already up to date.
5. Click OK.
   The application is updated.