Taipei, Taiwan, November 6, 2017 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for WPA2 Vulnerabilities
Release date: 2017/10/20
Last updated: 2017/11/06
Security ID: NAS-201710-20
Severity rating: High
CVE identifier:
CVE-2017-13077 | CVE-2017-13078 | CVE-2017-13079 | CVE-2017-13080 | CVE-2017-13081 | CVE-2017-13082 | CVE-2017-13084 | CVE-2017-13086 | CVE-2017-13087 | CVE-2017-13088
Affected products:
- All QNAP devices using QNAP WirelessAP Station
- All QNAP devices connecting to the network using wireless USB dongles
Summary
Network security researcher Mathy Vanhoef of imec-DistriNet, KU Leuven discovered a critical security concern involving Wi-Fi Protected Access II (WPA2) called KRACK. Since the flaw affects WPA2, a global Wi-Fi security standard, this means all products which use the protocol are affected. If abused, the security flaw may expose systems to possible remote attacks.
QNAP has fixed this issue in WirelessAP Station 0.1.0 (for QNAP devices using QNAP WirelessAP Station) and QTS 4.2.6 build 20171026 and 4.3.3.0361 build 20171101 (for QNAP devices connecting to networks using wireless USB dongles).
Solution
For users of QNAP WirelessAP Station, you must update to WirelessAP Station 0.1.0.
For those using wireless USB dongles to connect their NAS to Wi-Fi networks, you must update to the following QTS versions:
- QTS 4.2.x: QTS 4.2.6 build 20171026
- QTS 4.3.x: QTS 4.3.3.0361 build 20171101
Upgrading to WirelessAP Station 0.1.0
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears.
- Type “WirelessAP Station”, and then press ENTER.
The WirelessAP Station application appears in the search results list.
- Click Update.
A confirmation message appears.
- Click OK.
The application is updated.
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
Tip: You can also download the update from the QNAP website. Go to Support > Download and then perform a manual update.
Notice
Since the flaw affects all products using the WPA2 protocol, QNAP recommends you avoid accessing your NAS using public Wi-Fi hotspots and open wireless access points.
If you have any questions regarding this issue, please contact us at
http://helpdesk.qnap.com/.