Home / Roundups / NAS

Category roundup

Official NAS firmware security updates from the last 12 months

NAS coverage works best when the vendor publishes a clear advisory, a fixed build, and an official update path. Synology and QNAP both fit that model well, which makes them the strongest anchor vendors for practical static NAS coverage on devicefirmware.com today.

Official sources used

Synology security advisories and QNAP security advisories/download center

This page keeps the editorial layer narrow: highlight the most useful official advisories, surface the fixed builds plainly, and link readers back to the vendor for the actual update path.

Synology2025-05-29

Synology-SA-25:07 SMB Service

Synology says this SMB Service issue could allow remote authenticated users to write to limited files, and it published fixed package versions by DSM track.

Fixed versionsDSM 7.2: 4.15.13-2502 or above; DSM 7.1: 4.15.9-0644 or above
Why it mattersIt is a good example of the kind of package-level advisory Synology handles clearly enough for operators to act on quickly.
Official advisory ↗Synology downloads ↗
QNAP2026-01-03

QSA-25-50 multiple vulnerabilities in QTS and QuTS hero

QNAP published a broad advisory covering current NAS operating system branches and provided fixed builds across both QTS and QuTS hero tracks.

Fixed buildsQTS 5.2.7.3256 build 20250913+, QuTS hero h5.2.7.3256 build 20250913+, QuTS hero h5.3.1.3250 build 20250912+
Why it mattersThese broader advisories are useful because they collapse many vulnerabilities into a concrete minimum target version by branch.
Official advisory ↗QNAP downloads ↗
QNAP2025-11-08

QSA-25-45 multiple vulnerabilities in QTS and QuTS hero (PWN2OWN 2025)

QNAP ties this advisory to PWN2OWN 2025 and lists command injection, SQL injection, authentication bypass, and memory handling issues across supported tracks.

Fixed buildsQTS 5.2.7.3297 build 20251024+, QuTS hero h5.2.7.3297 build 20251024+, QuTS hero h5.3.1.3292 build 20251024+
Why it mattersPWN2OWN-linked advisories tend to attract search demand and are strong candidates for durable static coverage.
Official advisory ↗
QNAP2025-08-29

QSA-25-21 multiple vulnerabilities in QTS and QuTS hero

QNAP lists a broad mix of command injection, path traversal, denial-of-service, and memory corruption issues and again gives a direct fixed-build target by branch.

Fixed buildsQTS 5.2.5.3145 build 20250526+, QuTS hero h5.2.5.3138 build 20250519+
Why it mattersIt shows why QNAP is worth covering: the advisories are busy, but still structured enough to normalize cleanly.
Official advisory ↗