Posted on

QNAP QTS 4.2/4.3 Media Library privilege escalation

A vulnerability, which was classified as critical, has been found in QNAP QTS 4.2/4.3 (Network Attached Storage Software). This issue affects an unknown function of the component Media Library. Upgrading to version 4.2.6 Build 20170905 or 4.3.3.0299 Build 20170901 eliminates this vulnerability.Addressing this vulnerability is possible by firewalling Port 9251. The best possible mitigation is suggested to be upgrading to the latest version.