Dear customers,
We're aware of the potential security issues caused by the installation of Surveillance Station Pro on QNAP Turbo NAS. The solutions have been provided and available from App/QPKG Center.
Overview:
Regarding the reported vulnerabilities on the QNAP Turbo NAS with Surveillance Station Pro App/QPKG installed, QNAP suggests that the Turbo NAS users immediately update the Surveillance Station Pro app to the newest version for fixing these issues.
Release Date:
June 10, 2013
Applied Devices:
1. QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed.
2. QNAP Turbo NAS with system firmware 4.0 and Surveillance Station Pro v3.0.0 installed.
Note: These vulnerabilities do not exist if you have not installed Surveillance Station Pro on Turbo NAS. No fix is required in this case. Moreover, the newest Surveillance Station Pro on the App Center already solved these issues.
Vulnerabilities:
CWE-284: Improper Access Control CVE-2013-0142
CWE-77: Improper Neutralization of Special Elements used in a Command
CVE-2013-0143
CWE-352: Cross-Site Request Forgery (CSRF). CVE-2013-0144
For detailed information, please visit: http://www.kb.cert.org/vuls/id/927644
Solutions:
QNAP Turbo NAS with system firmware 4.0 and Surveillance Station Pro v3.0.0 installed:
Please go to App Center and upgrade Surveillance Station Pro to v3.0.2 or higher for the security fixes.
Direct download: http://download.qnap.com/QPKG/Surveilla ... .2_x86.zip http://download.qnap.com/QPKG/Surveilla ... rm-x19.zip
QNAP Turbo NAS with system firmware 3.8 and Surveillance Station Pro v2.0 - 2.5 installed:

Please go to QPKG Center and upgrade Surveillance Station Pro to v2.6 or higher for the security fixes.
Direct download: http://download.qnap.com/QPKG/Surveilla ... .6_x86.zip http://download.qnap.com/QPKG/Surveilla ... rm-x19.zip
Other Information:
1. For any further inquiries, please contact us by email: sspro@qnap.com
2. For VioStor NVR vulnerabilities, please visit VioStor forum to get the hot-fix firmware. (http://forum.qnapsecurity.com/viewtopic ... 0&t=183680)
Security Fix for Surveillance Station Pro v3.0 & v2.0~2.5
QVR Pro, QVR Pro Client, QVR Center and Surveillance Station
- QNAPJason
- QNAP Staff
- Posts: 5398
- Joined: Thu May 21, 2009 2:14 pm
- Location: Taipei
Return to “Surveillance Solution”
Jump to
- QNAP General
- ↳ Announcements
- ↳ Features Wanted
- ↳ Users' Corner
- ↳ Official Apps
- ↳ Prestashop
- ↳ Webalizer
- ↳ Virtualization Station
- ↳ Notes Station
- ↳ SocialLink Station
- ↳ McAfee Antivirus
- ↳ IT Management Station
- ↳ Container Station
- ↳ Qsirch & Qfiling
- ↳ Community Apps
- ↳ Apps Wanted
- ↳ Partner Apps
- ↳ BitTorrent Sync
- ↳ EZPhone
- ↳ Plex Media Server
- ↳ Ragic
- ↳ Tonido
- Getting Started
- ↳ Frequently Asked Questions
- ↳ Presales
- ↳ Turbo Station Installation & Setup
- General
- ↳ Hardware & Software Compatibility
- ↳ HDD Spin Down (HDD Standby)
- ↳ Seagate Drive Discussion
- ↳ Western Digital Drive Discussion
- ↳ File Sharing
- ↳ Mac OS
- ↳ Linux & Unix (NFS)
- ↳ Windows
- ↳ Backup & Restore
- ↳ Symform
- ↳ Microsoft Azure
- ↳ OpenStack Swift
- ↳ Amazon Glacier
- ↳ Amazon S3
- ↳ WebDAV-based Backup
- ↳ Google Cloud Storage
- ↳ Object Storage Server
- ↳ ElephantDrive
- ↳ Xopero
- ↳ System & Disk Volume Management
- ↳ Web Server & Applications (Apache + PHP + MySQL / SQLite)
- ↳ Download Station and QGet
- ↳ myQNAPcloud service
- ↳ Surveillance Solution
- ↳ Miscellaneous
- ↳ QIoT
- ↳ QuAI
- ↳ QVR Face
- Business
- ↳ Windows Domain & Active Directory
- ↳ iSCSI – Target & Virtual Disk
- ↳ Remote Replication/ Disaster Recovery
- ↳ Server Virtualization & Clustering
- ↳ NAS Management
- ↳ QES Operating System (QNAP Enterprise Storage OS)
- Multimedia
- ↳ Photo Station, Music Station, Video Station
- ↳ Media Streaming
- ↳ Mobile Devices