QNAP QTS and QuTS hero Exposure of Sensitive Information Vulnerability

Vulnerability

A vulnerability allowing the exposure of sensitive system information to an unauthorized control sphere has been identified in multiple QNAP operating system versions. This vulnerability enables remote attackers to read application data. It affects several versions and version ranges within QTS 5.2.x, QuTS hero h5.2.x, and QuTS hero h5.3.x.

Impact

Exploitation of this vulnerability allows remote attackers to read application data, potentially leading to unauthorized access to sensitive information.

Remediation

Users can update to QTS 5.2.8.3332 build 20251128 or later, QuTS hero h5.2.8.3321 build 20251117 or later, or QuTS hero h5.3.1.3250 build 20250912 or later. To update, log in as an administrator, go to Control Panel > System > Firmware Update, and check for the latest available update. Alternatively, download the update from the QNAP Download Center.
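For fleets with more than a handful of devices, the fixed releases above can be checked against an inventory export. The following is an added example, not QNAP's own tooling: it assumes firmware strings use the same "<product> <version> build <date>" form as this advisory, and the hostnames and older version strings in the sample are constructed.

```python
import re

# Fixed releases exactly as listed in the Remediation section, keyed by (product, branch).
FIXED = {
    ("QTS", (5, 2)): ((5, 2, 8, 3332), 20251128),
    ("QuTS hero", (5, 2)): ((5, 2, 8, 3321), 20251117),
    ("QuTS hero", (5, 3)): ((5, 3, 1, 3250), 20250912),
}

# Assumed input format: "<product> <version> build <YYYYMMDD>", as written in the advisory.
PATTERN = re.compile(r"^(QTS|QuTS hero)\s+h?(\d+(?:\.\d+){3})\s+build\s+(\d{8})$")

def classify(firmware):
    """Return 'patched', 'below-fixed', 'out-of-scope' or 'unparsed'."""
    m = PATTERN.match(firmware.strip())
    if not m:
        return "unparsed"  # never report an unrecognised string as safe
    product = m.group(1)
    version = tuple(int(part) for part in m.group(2).split("."))
    build = int(m.group(3))
    fixed = FIXED.get((product, version[:2]))
    if fixed is None:
        return "out-of-scope"  # branch not named by this advisory
    # "or later": compare the version first, then the build date as a tie-breaker.
    return "patched" if (version, build) >= fixed else "below-fixed"

def triage(inventory):
    """Map host -> status for a {host: firmware string} inventory."""
    return {host: classify(fw) for host, fw in inventory.items()}

# Constructed sample inventory (hostnames and pre-fix version strings are made up).
SAMPLE = {
    "nas-01": "QTS 5.2.8.3332 build 20251128",
    "nas-02": "QTS 5.2.0.1000 build 20240101",
    "nas-03": "QuTS hero h5.3.1.3250 build 20250912",
    "nas-04": "QuTS hero h5.2.0.1000 build 20240101",
    "nas-05": "QTS 5.1.0.1000 build 20240101",
    "nas-06": "firmware unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as below-fixed should be updated to the listed release for their branch; unparsed and out-of-scope hosts need a manual check rather than being treated as safe.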

Added: Jan 2, 2026, 4:19 PM
Updated: Jan 2, 2026, 4:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.