Security News > 2021 > February > QNAP patches critical vulnerability in Surveillance Station NAS app

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage devices running the vulnerable software.

Surveillance Station is QNAP's network surveillance Video Management System, a software solution that can help users manage and monitor up to 12 IP cameras.

The critical security flaw patched today by QNAP is a stack-based buffer overflow vulnerability impacting QNAP NAS devices running Surveillance Station.

Surveillance Station 5.1.5.4.3 for ARM CPU NAS and x86 CPU NAS. Surveillance Station 5.1.5.3.3 for ARM CPU NAS and x86 CPU NAS. The company has also patched a medium severity cross-site scripting vulnerability affecting earlier versions of the Photo Station app used to upload images to QNAP NAS device, create albums, or view them remotely.

QNAP alerted customers in September 2020 of an AgeLocker ransomware campaign targeting Internet exposed NAS devices in attacks exploiting older and vulnerable Photo Station versions.

Qihoo 360's 360 Netlab also said in August that attackers were scanning for vulnerable NAS devices trying to exploit a remote code execution firmware vulnerability fixed over three years ago, in July 2017.

News URL

https://www.bleepingcomputer.com/news/security/qnap-patches-critical-vulnerability-in-surveillance-station-nas-app/