QNAP Updates Surveillance Station Pro App/QPKG to Prevent Potential Security Risk

Maximenu CK_Top
≡Open menu ARTICLES PC HARDWARE DESKTOP PROCESSORS MOTHERBOARDS MEMORY KITS GRAPHICS CARDS PC CASES STORAGE HARD DISK DRIVES SOLID STATE DRIVES SOLID STATE HYBRID DRIVES SATA/SAS CARDS INTERNAL CAGES CPU COOLING CPU AIR COOLERS LIQUID CPU COOLERS WATERCOOLING KITS GPU COOLERS POWER SUPPLIES MINI PC PERIPHERALS EXTERNAL STORAGE EXTERNAL HARD DRIVES PORTABLE HARD DRIVES PORTABLE SOLID STATE DRIVES USB FLASH DRIVES MEMORY CARDS HDD ENCLOSURES NETWORK NAS SERVERS MODEM - ROUTERS POE SWITCHES POWERLINE ADAPTERS REPEATERS ADAPTERS MONITORS KEYBOARDS MICE MOUSEPADS HEADSETS USB MICROPHONES SOUND CARDS GAMING CHAIRS OFFICE CHAIRS GAMING DESKS STANDING DESKS GAME CONTROLLERS NOTEBOOK UPS PRINTERS - SCANNERS WEBCAMS AUDIO DESKTOP SPEAKERS SOUNDBARS PORTABLE SPEAKERS HEADPHONES AMPLIFIERS WIRELESS HEADSETS EARPHONES MUSIC PLAYERS VIDEO PROJECTORS MEDIA PLAYERS PROJECTION SCREENS GADGETS 3D PRINTERS - ENGRAVERS ACTION CAMS SMARTPHONES PORTABLE BATTERIES WIRELESS READERS CAR & MOTORCYCLE DASH CAMERAS SPEAKERPHONES SATELLITE NAVIGATION HEAD-UP DISPLAYS TIRE PRESSURE COMMUNICATION SYSTEMS HOME APPLIANCES WATCHES SECURITY SECURITY SYSTEMS SURVEILLANCE CAMERAS SOFTWARE RSS FEEDS NEWS CONTESTS DOWNLOADS ABOUT US HOME

Regarding the recently reported vulnerabilities on the QNAP® Turbo NAS with Surveillance Station Pro App/QPKG installed, QNAP has updated the Surveillance Station Pro App/QPKG and suggested that the affected Turbo NAS users immediately update to the newest version.

See below for details:

Affected Devices:

QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 to 2.5 installed.
QNAP Turbo NAS with QTS 4.0 and Surveillance Station Pro v3.0.0 installed.

These vulnerabilities do not exist if Surveillance Station Pro is not installed on Turbo NAS. No fix is required in this case.

Vulnerabilities:

CWE-284: Improper Access Control CVE-2013-0142
CWE-77: Improper Neutralization of Special Elements used in a Command CVE-2013-0143
CWE-352: Cross-Site Request Forgery (CSRF). CVE-2013-0144

Please visit http://www.kb.cert.org/vuls/id/927644 for more information.

Solutions:

For QNAP Turbo NAS with system firmware QTS 4.0 and Surveillance Station Pro v3.0.0 installed, please go to App Center and upgrade Surveillance Station Pro to v3.0.2 or higher. Direct download links are available at:

For QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed, please go to QPKG Center and upgrade Surveillance Station Pro to v2.6 or higher. Direct download link is available at

Other Information:

For any further inquiries, please contact us by email: This email address is being protected from spambots. You need JavaScript enabled to view it.
For VioStor NVR vulnerabilities, please visit VioStor forum to get the hot-fix firmware. (http://forum.qnapsecurity.com/viewtopic.php?f=50&t=183680 )

“We are dedicated to providing secure and reliable solutions to our users,” said Jason Hsu, product manager of QNAP. “Our prompt response to any possible security concern is a commitment to this belief,” added Hsu.

Share this post

QNAP Updates Surveillance Station Pro App/QPKG to Prevent Potential Security Risk