Publish services

Post your questions about myQNAPcloud service here.
ColHut
Know my way around
Posts: 248
Joined: Sat Oct 14, 2017 12:13 am

Re: Publish services

Post by ColHut »

spile wrote: Wed Jun 16, 2021 5:06 pm My comment about trust and MyQnapCloud Link needs updating...
https://www.qnap.com/en-uk/security-adv ... dium=email
From that link:

Summary
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.

What is the “unrestricted storage mechanism”? ( not ‘media’ , my bad.)

Regards
Last edited by ColHut on Thu Jun 17, 2021 9:16 pm, edited 1 time in total.
elvisimprsntr

Re: Publish services

Post by elvisimprsntr »

ColHut wrote:
spile wrote: Wed Jun 16, 2021 5:06 pm My comment about trust and MyQnapCloud Link needs updating...
https://www.qnap.com/en-uk/security-adv ... dium=email
From that link:

Summary
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.

What is the “unrestricted storage media”?

Regards
Seems to imply root access
Mousetick
Experience counts
Posts: 1081
Joined: Thu Aug 24, 2017 10:28 pm

Re: Publish services

Post by Mousetick »

ColHut wrote: Wed Jun 16, 2021 10:49 pm What is the “unrestricted storage media”?
Your guess is as good as any. Could be some credentials or access tokens stored on the NAS in clear text or readable by any user.

See here for formal description of "Insecure Storage of Sensitive Information": https://cwe.mitre.org/data/definitions/922.html.

This page details the characteristics of the vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2021-28815. It says that it requires local access with high privileges... but the QNAP security advisory talks about remote attackers, so who knows...
ColHut
Know my way around
Posts: 248
Joined: Sat Oct 14, 2017 12:13 am

Re: Publish services

Post by ColHut »

User avatar
beshur
Getting the hang of things
Posts: 59
Joined: Wed Jul 22, 2020 9:44 pm
Location: Odesa, Ukraine
Contact:

Re: Publish services

Post by beshur »

Is it possible to open my custom ports (for Container station e.g., but not for QTS or Photostation) via myQNAPcloud?
TS-253B-8G | 2x WD Red Plus 8Tb
User avatar
dolbyman
Guru
Posts: 35005
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: Publish services

Post by dolbyman »

MyQNAPcloud is just a DDNS service, you can open whatever ports you want in your router.

If you are talking about cloudlink, this service is exclusive for a limited amount of apps

> Topic closed for necroposting
Locked

Return to “myQNAPcloud service”