QNAP has addressed a critical security vulnerability in its Surveillance Station app that, if exploited, would allow an unauthorized user to execute malicious code remotely on a network-attached storage (NAS) device running the vulnerable software. Surveillance Station is QNAP's network surveillance Video Management System (VMS), a software solution that allows users to manage and monitor up to 12 IP cameras. The flaw is a stack-based buffer overflow that impacts QNAP NAS devices running Surveillance Station. QNAP has fixed the vulnerability in the following software versions: Surveillance Station 184.108.40.206.3 and 220.127.116.11.3, for ARM CPU NAS devices with 32-bit and 64-bit operating systems and for both 32-bit and 64-bit x86 CPU NAS devices.

QNAP also patched a medium-severity cross-site scripting (XSS) vulnerability. This bug was addressed in Photo Station 6.0.11 and later versions.