QTS

QTS 是入門到中階 QNAP NAS 使用的作業系統,採用 Linux 核心及 ext4 檔案系統,讓每個人輕鬆享有可靠的儲存空間,並體驗多樣的加值功能及應用,例如快照及 Plex 媒體伺服器,此外,免費的 myQNAPcloud 服務更可讓您快速便利地存取個人私有雲。

系統
應用

QuTScloud

QuTScloud 是 QNAP 雲 NAS 虛擬裝置的作業系統。QuTScloud 可供部署在公有雲及本地 Hypervisor,讓您優化雲端資料運用及靈活指派資源,且訂閱成本清楚可預測。

系統
應用

QES

QES 是雙控制器 QNAP NAS 使用的作業系統,採用 FreeBSD 核心及 ZFS 檔案系統,並針對 SSD 進行最佳化,能帶來卓越的全快閃陣列效能。

系統
產品
資源

QNE Network

QNE Network 是 QNAP 的通用客戶端設備 (uCPE) 產品 QuCPE 採用的作業系統。您可在 QNE Network 上執行虛擬化網路功能 (VNF)、自由配置軟體定義網路 (SD-WAN) 並享受多重優勢,例如更合宜的成本,以及更少的管理投入。

系統
應用

QSS

QSS 是 QNAP 之網管型交換器的管理介面。您可快速啟用及配置多種網管功能,包括鏈路聚合 (LACP)、VLAN 及 RSTP,輕鬆管理您的區域網路架構。

系統

QuRouter

QuRouter 路由器管理系統專為 QNAP 路由器量身打造,幫助您輕鬆管理高速、高覆蓋率的有線無線網路,並執行 NAT、VPN、安全性與 QuWAN SD-WAN 等進階功能。

系統
應用

QVR Surveillance

QVR Surveillance 是 QNAP 網路錄影監控主機 (NVR) 解決方案,提供訂閱制 QVR Elite 及買斷制 QVR Pro 軟體,可搭配一系列軟體使用,包括人臉辨識及門禁管理等,讓運用更廣泛多元。

系統
應用
資源

QVR Face

QVR Face 是一套智慧人臉辨識解決方案,可即時分析來自連線攝影機的即時影像串流。QVR Face 更可整合多種應用情境,進行智慧考勤管理、門禁控制管理、VIP 人員提示系統及智慧零售服務等。

系統
應用
資源

KoiMeeter

QNAP 智慧影像解決方案提供多種不同的智慧型整合解決方案,例如視訊會議及智慧零售等,讓個人及企業生產力獲得顯著提升。

視訊會議
智慧零售

Security ID : QSA-21-11

SQL Injection Vulnerability in Multimedia Console and the Media Streaming Add-On


  • Release date : April 16, 2021

  • CVE identifier : CVE-2020-36195

  • Affected products: QNAP NAS running Multimedia Console or the Media Streaming add-on

Severity

Critical

Status

Resolved


Summary

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.

If exploited, the vulnerability allows remote attackers to obtain application information.

We have already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on.

  • QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later
  • QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later
  • QTS 4.4.x and later: Multimedia Console 1.3.4 and later

We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively:

  • QTS 4.3.3.1624 Build 20210416 and later
  • QTS 4.3.6.1620 Build 20210322 and later

Recommendation

To fix the vulnerability, we recommend updating Multimedia Console or the Media Streaming add-on to the latest version. Additionally for devices running QTS 4.3.3 and QTS 4.3.6, updating QTS is highly recommended.

Updating QTS

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

Updating Multimedia Console

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “Multimedia Console” and then press ENTER.
    Multimedia Console appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Multimedia Console is already up to date.
  5. Click OK.
    The application is updated.

Updating the Media Streaming Add-On

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “Media Streaming add-on” and then press ENTER.
    The Media Streaming add-on appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Media Streaming add-on is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Yaniv Puyeski

Revision History:
V2.0 (April 29, 2021) - Minor correction
V1.0 (April 16, 2021) - Published

選擇規格

      顯示更多 隱藏更多

      選擇其他偏好的語言:

      open menu
      back to top