Taipei, Taiwan, February 27, 2018 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for Qfinder Pro vulnerability
Release date: 2018/2/27
Security ID: NAS-201802-27
Severity rating: High
CVE identifier: CVE-2017-7633
Affected products: Qfinder Pro versions 6.1.0.0317 and earlier
Summary
A reported vulnerability in Qfinder Pro versions 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device.
We have already patched this vulnerability in Qfinder Pro 6.1.1.0425 and later versions.
Recommendation
To resolve the issue, you must update Qfinder Pro to version 6.1.1.0425 or later.
Upgrading to the latest Qfinder Pro version
- Log on to Windows.
- Right-click on the Windows Taskbar.
- Click Check for Updates.
An update notification message appears.
- Click Download.
The application is updated.
Acknowledgements: Tony Martin, information security researcher
Revision history: V1.0 (February 27, 2018) - Published
If you have any questions regarding this issue, please contact us at
http://helpdesk.qnap.com/.