This time, QNAP Systems has suffered two critical software vulnerabilities. QNAP Systems is one of the leaders in network-attached storage and video surveillance gear. Delivering high-performance NAS (Network Attached Storage), professional-grade video recorder (NVR) solutions, QNAP Systems caters to a wide range of the market including; home use to SMBs (Small to Medium Businesses.) The company has released security advisory information on its official website about 2 critical vulnerabilities affecting NVR Storage Expansion. The critical vulnerabilities can ultimately lead to the complete compromise of an unpatched system. In the next sections, following the description of the vulnerability and technical breakdown, users will have all the information they need to update their software and avoid any issues.
The QNAP NVR Storage Expansion Software Vulnerability
The official QNAP Systems Security Advisory presented a report revealing two critical vulnerabilities in the QNAP NVR Storage Expansion. The NVR Storage Expansion is an important utility for Network Video Recording. The Security Advisory Report was published on September 10th, 2021.
Technical Details
The release reports from the QNAP Systems Security Advisory detail two critical stack-based overflow software vulnerability types, publicly known as; CVE-2021-34345 and CVE-2021-34346. Further information reveals that the vulnerabilities allow a remote attacker to execute arbitrary code on the target system. The vulnerabilities exist due to a boundary error. A remote and unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system. Successful exploitation of these vulnerabilities may result in the complete compromise of a vulnerable system.
Vulnerable Software Versions
NVR Storage Expansion 1.05 is now at risk from these software vulnerabilities.
Important User Information
The solution to the problem is for users to update their NVR Storage Expansion. According to the QNAP Systems Security Advisory report, the issue has been resolved in NVR Storage Expansion 1.0.6 (2021/08/03) and later.
How to Update
The official QNAP Systems Security Advisory recommends the following steps to update the vulnerable software; Updating NVR Storage Expansion