Home/QNAP/NAS / Expansion/TAS-168

TAS-168

QNAP Storage · NAS / Expansion Series

High confidence Official QNAP notice ↗ Verified
TAS-168 is dead. QNAP support ended (-1386d).

Is the TAS-168 still supported?

No. QNAP ended support for the TAS-168 on 2022-10-01. No further security fixes will be issued. See QNAP's lifecycle bulletin.

When does the TAS-168 reach end of support?

QNAP support for the TAS-168 ends on 2022-10-01.

What replaces the TAS-168?

QNAP has not published a successor model for the TAS-168.

What known-exploited CVEs apply to the TAS-168 past end of support?

10 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform the TAS-168 runs. These will not be patched on this device because it is past the QNAP security-support date. See the Known Exploited Vulnerabilities table below for the full list.

Known Exploited Vulnerabilities

This device is past QNAP's security-support date. 10 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform it runs. QNAP is not issuing patches for this model. Isolate, compensate, or refresh.

CVE KEV added Vulnerability Flags
CVE-2022-27593 QNAP Photo Station Externally Controlled Reference Vulnerability Ransomware
CVE-2019-7195 QNAP Photo Station Path Traversal Vulnerability Ransomware
CVE-2019-7194 QNAP Photo Station Path Traversal Vulnerability Ransomware
CVE-2019-7193 QNAP QTS Improper Input Validation Vulnerability Ransomware
CVE-2019-7192 QNAP Photo Station Improper Access Control Vulnerability Ransomware
CVE-2018-19953 QNAP NAS File Station Cross-Site Scripting Vulnerability Ransomware
CVE-2018-19949 QNAP NAS File Station Command Injection Vulnerability Ransomware
CVE-2018-19943 QNAP NAS File Station Cross-Site Scripting Vulnerability Ransomware
CVE-2020-2509 QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
CVE-2021-28799 QNAP NAS Improper Authorization Vulnerability Ransomware

Source: CISA Known Exploited Vulnerabilities catalog. The Ransomware flag reflects CISA's own knownRansomwareCampaignUse field, set when the CVE has been observed in ransomware campaigns per their threat intel. It's not a property of the vulnerability description itself.

Correlation is at the platform level, not per-OS-version. Not exhaustive: KEV only lists actively-exploited CVEs and many relevant unexploited vulnerabilities are not here. Verify against vendor security advisories (PSIRT, JSA, PAN-SA) and NVD before acting. See compensating controls if refresh isn't immediate.

TAS-168 Lifecycle Overview

The QNAP TAS-168 is a storage product in the QNAP NAS / Expansion series. This product has reached end of life as of , meaning QNAP no longer provides technical support, software updates, or hardware replacement for this product. Organizations still running the TAS-168 should plan a migration .

Lifecycle Milestones

End of software maintenance 7y 7mo ago
End of security vulnerability support 3y 10mo ago
Last date of support 3y 10mo ago
Applicable Platforms
↑ Top