Actualizaciones de seguridad QNAP Surveillance Station/NVR VioStor

Se han liberado dos actualizaciones de seguridad altamente recomendadas para sistemas de videovigilancia QNAP:

Release Date: June 10, 2013

Applied Devices:

1. QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed.
2. QNAP Turbo NAS with system firmware 4.0 and Surveillance Station Pro v3.0.0 installed.

* Note: These vulnerabilities do not exist if you have not installed Surveillance Station Pro on Turbo NAS. No fix is required in this case. Moreover, the newest Surveillance Station Pro on the App Center already solved these issues.

Vulnerabilities:

• CWE-284: Improper Access Control CVE-2013-0142
• CWE-77: Improper Neutralization of Special Elements used in a Command
• CVE-2013-0143
• CWE-352: Cross-Site Request Forgery (CSRF). CVE-2013-0144

For detailed information, please visit: http://www.kb.cert.org/vuls/id/927644


Solutions:

- QNAP Turbo NAS with system firmware 4.0 and Surveillance Station Pro v3.0.0 installed:Please go to App Center and upgrade Surveillance Station Pro to v3.0.2 or higher for the security fixes.

Direct download:

 http://download.qnap.com/QPKG/Surveilla ... .2_x86.zip 

http://download.qnap.com/QPKG/Surveilla ... rm-x19.zip

- QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed:
Please go to QPKG Center and upgrade Surveillance Station Pro to v2.6 or higher for the security fixes.
Direct download: 

http://download.qnap.com/QPKG/Surveilla ... .6_x86.zip 

http://download.qnap.com/QPKG/Surveilla ... rm-x19.zip

Posted in: Noticias, Qnap