Multiple Vulnerabilities in QVR Firmware for Legacy VioStor NVR

Summary

Mutiple vulnerabilities has been reported to affect QVR firmware for legacy VioStor NVR:

• CVE-2025-52856: A remote attacker can exploit the improper authentication vulnerability to compromise the security of the system.
• CVE-2025-52861: If a remote attacker gains access to an administrator account, they can then exploit the path traversal vulnerability to read the contents of unexpected files or system data.

We have already fixed the vulnerabilities in the following version:

Recommendation

To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

Updating QVR Firmware on Legacy VioStor NVR

1. Log in to your VioStor NVR as an administrator.
2. Go to Control Panel > System Settings > Firmware Update.
3. Select the Firmware Update tab.
4. Click Browse... to upload the latest firmware file.
   Tip: Download the latest firmware file for your specific device from https://www.qnap.com/go/download.
5. Click Update System.
   The system installs the update.