CVE-2018-14748
First published: Wed Nov 28 2018(Updated: )
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | =4.2.6 | |
| QNAP QTS | =4.3.3 | |
| QNAP QTS | =4.3.4 | |
| QNAP QTS | =4.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14748?
CVE-2018-14748 is classified as a medium severity vulnerability due to the potential for remote attackers to power off affected NAS systems.
How do I fix CVE-2018-14748?
To mitigate CVE-2018-14748, users should update their QTS operating system to a version that is not affected, specifically QTS versions released after the vulnerability was disclosed.
Which QNAP QTS versions are affected by CVE-2018-14748?
CVE-2018-14748 affects QTS versions 4.2.6, 4.3.3, 4.3.4, and 4.3.5.
Can CVE-2018-14748 allow data loss?
While CVE-2018-14748 allows the power-off of the NAS, it primarily poses a risk of downtime rather than data loss, depending on the circumstances.
What steps can I take to secure my NAS against CVE-2018-14748?
Securing your NAS against CVE-2018-14748 involves updating to the latest QTS version and implementing strict access controls.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/tags
- agent/source
- vendor/qnap
- canonical/qnap qts
- version/qnap qts/4.2.6
- version/qnap qts/4.3.3
- version/qnap qts/4.3.4
- version/qnap qts/4.3.5