Security ID : QSA-21-17
Vulnerability in Roon Server
Release date : May 14, 2021
CVE identifier : CVE-2021-28810 | CVE-2021-28811
Affected products: QNAP NAS running Roon Server
Severity
Critical
Status
Resolved
Summary
The QNAP security team has detected an attack campaign in the wild related to a vulnerability in Roon Server. QNAP NAS running the following versions of Roon Server may be susceptible to attack:
- Roon Server 2021-02-01 and earlier
Roon Labs has already fixed this vulnerability in the following versions:
- Roon Server 2021-05-18 and later
Recommendation
To fix the vulnerability, we recommend updating Roon Server to the latest version.
Updating Roon Server
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click .
A search box appears. - Type “Roon Server” and then press ENTER.
Roon Server appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your version is already up to date. - Click OK.
The application is updated.
Acknowledgements: Beijing Venustech Cybervision Co. Ltd
Revision History:
V2.1 (June 8, 2021) - Update CVE ID and Acknowledgements
V2.0 (June 4, 2021) - Issue Resolved
V1.0 (May 14, 2021) - Published