Critical Vulnerabilities Found in QNAP NVR Storage Expansion


The onslaught of exploitable software vulnerabilities affecting critical system components such as network and surveillance gear continues. These vulnerabilities, especially when they affect infrastructure hardware such as network equipment, can spell danger for the entire network.

This time, QNAP Systems has suffered two critical software vulnerabilities. QNAP Systems is one of the leaders in network-attached storage and video surveillance gear. Delivering high-performance NAS (Network Attached Storage) and professional-grade network video recorder (NVR) solutions, QNAP Systems caters to a wide range of the market, from home use to SMBs (Small to Medium Businesses).

The company has released a security advisory on its official website about two critical vulnerabilities affecting NVR Storage Expansion. The vulnerabilities can ultimately lead to the complete compromise of an unpatched system. The next sections describe the vulnerabilities, give a technical breakdown, and then provide the information users need to update their software and avoid any issues.

The QNAP NVR Storage Expansion Software Vulnerability

The official QNAP Systems Security Advisory presented a report revealing two critical vulnerabilities in the QNAP NVR Storage Expansion. The NVR Storage Expansion is an important utility for Network Video Recording. The Security Advisory Report was published on September 10th, 2021.

Technical Details

The QNAP Systems Security Advisory details two critical stack-based buffer overflow vulnerabilities, publicly known as CVE-2021-34345 and CVE-2021-34346. The vulnerabilities exist due to a boundary error. A remote, unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system. Successful exploitation of these vulnerabilities may result in the complete compromise of a vulnerable system.

Vulnerable Software Versions

NVR Storage Expansion 1.05 is now at risk from these software vulnerabilities.

Important User Information

The solution to the problem is for users to update their NVR Storage Expansion. According to the QNAP Systems Security Advisory report, the issue has been resolved in NVR Storage Expansion 1.0.6 (2021/08/03) and later.

How to Update

The official QNAP Systems Security Advisory recommends the following steps to update the vulnerable software:

Updating NVR Storage Expansion

  1. Log on to QTS as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “NVR Storage Expansion” and then press ENTER.
    NVR Storage Expansion appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your NVR Storage Expansion is already up to date.
  5. Click OK.
    The application is updated.
Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.