O-Sense
Regarding the recently reported vulnerabilities on the QNAP VioStor NVR with firmware version 4.0.3 build 6403 or earlier version, QNAP has updated the VioStor NVR firmware and suggested that the affected VioStor NVR users immediately update to the newest version (version 4.0.3 build 6612).
See below for details:
Affected Devices:
QNAP VioStor NVR with firmware version 4.0.3 build 6403 or earlier version.
Vulnerabilities:
CWE-284 (CVE-2013-0142): Improper Access Control CVE-2013-0142. Please visit http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0142 for more information.
- CWE-77: Improper Neutralization of Special Elements used in a Command CVE-2013-0143. Please visit http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0143 for more information.
- CWE-352: Cross-Site Request Forgery (CSRF). CVE-2013-0144. Please visit http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0144 for more information.
Solutions:
Upgrade QNAP VioStor NVR system firmware to version 4.0.3 build 6612 (or later):
The hot-fix firmware links of VioStor NVR are available below:
VS-2112 Pro+
http://eu1.qnap.com/Surveillance/VS-2112Pro+/U_VS-2112Pro+_6612-4.0.3.zip
VS-2108 Pro+
http://eu1.qnap.com/Surveillance/VS-2108Pro+/U_VS-2108Pro+_6612-4.0.3.zip
VS-2104 Pro+
http://eu1.qnap.com/Surveillance/VS-2104Pro+/U_VS-2104Pro+_6612-4.0.3.zip
VS-4116 Pro+
http://eu1.qnap.com/Surveillance/VS-4116Pro+/U_VS-4116Pro+_6612-4.0.3.zip
VS-4112 Pro+
http://eu1.qnap.com/Surveillance/VS-4112Pro+/U_VS-4112Pro+_6612-4.0.3.zip
VS-4108 Pro+
http://eu1.qnap.com/Surveillance/VS-4108Pro+/U_VS-4108Pro+_6612-4.0.3.zip
VS-6120 Pro+
http://eu1.qnap.com/Surveillance/VS-6120Pro+/U_VS-6120Pro+_6612-4.0.3.zip
VS-6116 Pro+
http://eu1.qnap.com/Surveillance/VS-6116Pro+/U_VS-6116Pro+_6612-4.0.3.zip
VS-6112 Pro+
http://eu1.qnap.com/Surveillance/VS-6112Pro+/U_VS-6112Pro+_6612-4.0.3.zip
VS-4016U-RP Pro
http://eu1.qnap.com/Surveillance/VS-4016UPro/U_VS-4016UPro_6612-4.0.3.zip
VS-4012U-RP Pro
http://eu1.qnap.com/Surveillance/VS-4012UPro/U_VS-4012UPro_6612-4.0.3.zip
VS-4008U-RP Pro
http://eu1.qnap.com/Surveillance/VS-4008UPro/U_VS-4008UPro_6612-4.0.3.zip
VS-8148 Pro+
http://eu1.qnap.com/Surveillance/VS-8148Pro+/U_VS-8148Pro+_6612-4.0.3.zip
VS-8140 Pro+
http://eu1.qnap.com/Surveillance/VS-8140Pro+/U_VS-8140Pro+_6612-4.0.3.zip
VS-8132 Pro+
http://eu1.qnap.com/Surveillance/VS-8132Pro+/U_VS-8132Pro+_6612-4.0.3.zip
VS-8124 Pro+
http://eu1.qnap.com/Surveillance/VS-8124Pro+/U_VS-8124Pro+_6612-4.0.3.zip
VS-8148U-RP Pro
http://eu1.qnap.com/Surveillance/VS-8148UPro/U_VS-8148UPro_6612-4.0.3.zip
VS-8140U-RP Pro
http://eu1.qnap.com/Surveillance/VS-8140UPro/U_VS-8140UPro_6612-4.0.3.zip
VS-8132U-RP Pro
http://eu1.qnap.com/Surveillance/VS-8132UPro/U_VS-8132UPro_6612-4.0.3.zip
VS-8124U-RP Pro
http://eu1.qnap.com/Surveillance/VS-8124UPro/U_VS-8124UPro_6612-4.0.3.zip
VS-12164U-RP Pro
http://eu1.qnap.com/Surveillance/VS-12164UPro/U_VS-12164UPro_6612-4.0.3.zip
VS-12156U-RP Pro
http://eu1.qnap.com/Surveillance/VS-12156UPro/U_VS-12156UPro_6612-4.0.3.zip
VS-12148U-RP Pro
http://eu1.qnap.com/Surveillance/VS-12148UPro/U_VS-12148UPro_6612-4.0.3.zip
VS-12140U-RP Pro
http://eu1.qnap.com/Surveillance/VS-12140UPro/U_VS-12140UPro_6612-4.0.3.zip
VS-2008L
http://eu1.qnap.com/Surveillance/VS-2008L/U_VS-2008L_6612-4.0.3.zip
VS-2004L
http://eu1.qnap.com/Surveillance/VS-2004L/U_VS-2004L_6612-4.0.3.zip
VS-1004L
http://eu1.qnap.com/Surveillance/VS-1004L/U_VS-1004L_6612-4.0.3.zip
VS-2012 Pro
http://eu1.qnap.com/Surveillance/VS-2012Pro/U_VS-2012Pro_6612-4.0.3.zip
VS-2008 Pro
http://eu1.qnap.com/Surveillance/VS-2008Pro/U_VS-2008Pro_6612-4.0.3.zip
VS-2004 Pro
http://eu1.qnap.com/Surveillance/VS-2004Pro/U_VS-2004Pro_6612-4.0.3.zip
VS-4016 Pro
http://eu1.qnap.com/Surveillance/VS-4016Pro/U_VS-4016Pro_6612-4.0.3.zip
VS-4012 Pro
http://eu1.qnap.com/Surveillance/VS-4012Pro/U_VS-4012Pro_6612-4.0.3.zip
VS-4008 Pro
http://eu1.qnap.com/Surveillance/VS-4008Pro/U_VS-4008Pro_6612-4.0.3.zip
VS-6020 Pro
http://eu1.qnap.com/Surveillance/VS-6020Pro/U_VS-6020Pro_6612-4.0.3.zip
VS-6016 Pro
http://eu1.qnap.com/Surveillance/VS-6016Pro/U_VS-6016Pro_6612-4.0.3.zip
VS-6012 Pro
http://eu1.qnap.com/Surveillance/VS-6012Pro/U_VS-6012Pro_6612-4.0.3.zip
Other Information:
For any further inquiries, please contact us by email: This email address is being protected from spambots. You need JavaScript enabled to view it..
