QNAP releases firmware update for VioStor NVR models

QNAP® Security released a new firmware Build 8221 with GNU Bash security patch update for legacy VioStor NVR models running firmware v3.5.0, v3.6.0, v4.0.0, and v4.2.0.

This release has fixed the GNU Bash Environment Variable Command Injection Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186 and CVE-2014-7187), also known as “Shellshock,” that can allow attackers to gain remote control over UNIX/Linux-based systems. Users of the following VioStor NVR models are strongly advised to update their VioStor NVR with the new firmware.

Model name (firmware version):
* VS-2004L (v4.2.0) / VS-2008L (v4.2.0)
* VS-2008 (v3.6.0)/ VS-2012 (v3.6.0)
* VS-4016U (v3.6.0)
* VS-5012 (v3.5.0) / VS-5020 (v3.5.0)
* VS-8024(v4.0.0) / VS-8024U/(v4.0.0) / VS-8032(v4.0.0) VS-8032U(v4.0.0) / VS-8040 (v4.0.0) / VS-8040U (v4.0.0)

This new firmware Build 8221 can be installed in the following steps:
1. Select your model and download firmware Build 8221 from the QNAP Security website (http://goo.gl/NlKiK6)
2. Go to “System Configuration > System tools > System Update” to select and apply the firmware
3. Click “Update System”