Thecus® Releases Patch to Resolve Bash Vulnerability
All models now immune to latest cyber security bug
October 16, 2014, Taipei, Taiwan – In order to combat recent bash vulnerability issues, Thecus today released a Bash patch for both Thecus OS5 and OS6 users. It is strongly recommended that all users update their NAS withthislatestfirmware.
The patch will fix the GNU Bash Environment Variable Command Injection Vulnerability, also referred to as Shellshock(CVE-2014-6271, CVE-2014-7169, CVE-2014-7187, and CVE-2014-71861), which allows unauthorized users access to remote Unix/Linux-based systems.
For ThecusOS 6, users can download the OS6 Bash offline patch V1.0. The patch is applicable for the following units:
- N2310, N4310
- N2520, N2560, N4520, N4560
For ThecusOS 5x64, users can update their firmware to v2.05.06 to apply the Bash patch. This firmware is applicable to the following units:
- N16000 series / N12000 series / N8900 series
- N10850 / N8850 / N6850
- N8810 series / N7710 series
- N8800PROv2 / N7700 PROv2
- N7510 / N5550 / N4800 series / N4510U series / N2800
For ThecusOS 5 x86, users can update their firmware to v5.03.02.8 to apply the Bash patch. This firmware is applicable to the following units:
- Thecus XXX series / 1U4600 / N0503 / N4200 series / N5500
- N7700 / N7700SAS / N7700+/ N7700PRO
- N8800 / N8800SAS / N8800+/ N8800PRO
To download the latest firmware and patches, please visit the Thecus Download Center.
1Please note that the patch for the N2310 does not cover CVE-2014-7186.
Thecus Technology Corp. specializes in Network Attached Storage and Network Video Recorder solutions. Established in 2004 with the mission of making technology that is both intuitive and ground-breaking, Thecus offers products designed to appeal to both advanced and novice users. By combining a world-class storage R&D team with a commitment to customer satisfaction, Thecus is able to adapt to the market with its innovative NAS and NVR and fulfill the storage and surveillance needs of today’s world.