First published: Thu Dec 31 2020(Updated: )
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
Credit: security@qnapsecurity.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
QNAP QTS | <4.5.1.1456 | |
QNAP QuTS hero | <h4.5.1.1472 | |
QNAP QuTScloud | <c4.5.2.1379 |
QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-19941 is a vulnerability that affects QNAP NAS, allowing an attacker to access sensitive information stored in cleartext inside cookies.
This vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools.
CVE-2018-19941 has a severity score of 7.5 which is considered high.
QTS versions up to 4.5.1.1456, Quts Hero versions up to h4.5.1.1472, and Qutscloud versions up to c4.5.2.1379 are affected.
Yes, QNAP has already fixed this vulnerability in QTS 4.5.1.1456 build and later versions.