September 13, 2021
Severity
High
Analysis Summary
CVE-2018-19957 – Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud
A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks.
CVE-2021-28813 – Insufficiently Protected Credentials in QSW-M2116P-2T2S and QuNetSwitch
A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.
CVE-2021-34345, CVE-2021-34346 – Stack-Based Buffer Overflow Vulnerabilities in NVR Storage Expansion
Two stack-based buffer overflow vulnerabilities have been reported to affect QNAP NAS running NVR Storage Expansion. If exploited, these vulnerabilities allow attackers to execute arbitrary code.
CVE-2021-34344 – Stack Buffer Overflow Vulnerability in QUSBCam2
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code.
CVE-2021-28816, CVE-2021-34343 – Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud
Two stack buffer overflow vulnerabilities have been reported to affect QNAP devices running QTS, QuTS hero, and QuTScloud. If exploited, these vulnerabilities allow attackers to execute arbitrary code.
Impact
- Code Execution
- Information Theft
- Unauthorized Access
Affected Vendors
QNAP
Affected Products
- QTS 4.5.4.1715 build 20210630 and later
- QuTS hero h4.5.4.1771 build 20210825 and later
- QuTScloud c4.5.6.1755 build 20210809 and later
- QSW-M2116P-2T2S 1.0.6 build 210713 and later
- QGD-1600P: QuNetSwitch 1.0.6.1509 and later
- QGD-1602P: QuNetSwitch 1.0.6.1509 and later
- QGD-3014PT: QuNetSwitch 1.0.6.1519 and later
- NVR Storage Expansion 1.0.6 (2021/08/03) and later
- QTS 4.5.4: QUSBCam2 1.1.4 (2021/07/30) and later
- QTS 4.3.6: QUSBCam2 1.1.4 (2021/07/30) and later
- QuTS hero h4.5.3: QUSBCam2 1.1.4 (2021/07/30) and later
- QTS 5.0.0.1716 build 20210701 and later
- QuTScloud c4.5.6.1755 and later
Remediation
For CVE-2018-19957
Updating QTS, QuTS hero, or QuTScloud
Log on to QTS, QuTS hero, or QuTScloud as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QTS, QuTS hero, or QuTScloud downloads and installs the latest available update.
For CVE-2021-28813
Log on to QSS.
Go to System > Firmware Update > Live Update.
Click Check for Update.
QSS checks for available firmware updates.
Click Update System.
A confirmation message appears.
Click Update.
QSS downloads and installs the latest available update.
Updating QuNetSwitch
Log on to QTS as administrator.
Open the App Center and then click the search icon.
A search box appears.
Type “QuNetSwitch” and then press ENTER.
QuNetSwitch appears in the search results.
Click Update.
A confirmation message appears.
Note: The Update button is not available if your QuNetSwitch is already up to date.
Click OK.
The application is updated.
For CVE-2021-34345, CVE-2021-34346
Updating NVR Storage Expansion
Log on to QTS as administrator.
Open the App Center and then click the search icon.
A search box appears.
Type “NVR Storage Expansion” and then press ENTER.
NVR Storage Expansion appears in the search results.
Click Update.
A confirmation message appears.
Note: The Update button is not available if your NVR Storage Expansion is already up to date.
Click OK.
The application is updated.
For CVE-2021-34344
Updating QUSBCam2
Log on to QTS or QuTS hero as administrator.
Open the App Center and then click the search icon.
A search box appears.
Type “QUSBCam2” and then press ENTER.
QUSBCam2 appears in the search results.
Click Update.
A confirmation message appears.
Note: The Update button is not available if your QUSBCam2 is already up to date.
Click OK.
The application is updated.
For CVE-2021-28816, CVE-2021-34343
Updating QTS, QuTS hero, or QuTScloud
Log on to QTS, QuTS hero, or QuTScloud as administrator.
Go to Control Panel > System > Firmware Update.
Under Live Update, click Check for Update.
QTS, QuTS hero, or QuTScloud downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.