TS-219P II
TS-219P-II
Storage
· NAS / Expansion Series
TS-233.
Is the TS-219P II still supported?
No. QNAP ended support for the TS-219P II on 2022-10-31. No further security fixes will be issued. See QNAP's lifecycle bulletin.
When does the TS-219P II reach end of support?
QNAP support for the TS-219P II ends on 2022-10-31.
What replaces the TS-219P II?
QNAP lists the TS-233 as the successor.
What known-exploited CVEs apply to the TS-219P II past end of support?
10 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform the TS-219P II runs. These will not be patched on this device because it is past the QNAP security-support date. See the Known Exploited Vulnerabilities table below for the full list.
TS-233
Known Exploited Vulnerabilities
This device is past QNAP's security-support date. 10 CVEs in CISA's Known Exploited Vulnerabilities catalog apply to the platform it runs. QNAP is not issuing patches for this model. Isolate, compensate, or refresh.
| CVE | KEV added | Vulnerability | Flags |
|---|---|---|---|
CVE-2022-27593
|
QNAP Photo Station Externally Controlled Reference Vulnerability | Ransomware | |
CVE-2019-7195
|
QNAP Photo Station Path Traversal Vulnerability | Ransomware | |
CVE-2019-7194
|
QNAP Photo Station Path Traversal Vulnerability | Ransomware | |
CVE-2019-7193
|
QNAP QTS Improper Input Validation Vulnerability | Ransomware | |
CVE-2019-7192
|
QNAP Photo Station Improper Access Control Vulnerability | Ransomware | |
CVE-2018-19953
|
QNAP NAS File Station Cross-Site Scripting Vulnerability | Ransomware | |
CVE-2018-19949
|
QNAP NAS File Station Command Injection Vulnerability | Ransomware | |
CVE-2018-19943
|
QNAP NAS File Station Cross-Site Scripting Vulnerability | Ransomware | |
CVE-2020-2509
|
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability | ||
CVE-2021-28799
|
QNAP NAS Improper Authorization Vulnerability | Ransomware |
Source: CISA Known Exploited Vulnerabilities catalog. The Ransomware flag reflects CISA's own knownRansomwareCampaignUse field, set when the CVE has been observed in ransomware campaigns per their threat intel. It's not a property of the vulnerability description itself.
Correlation is at the platform level, not per-OS-version. Not exhaustive: KEV only lists actively-exploited CVEs and many relevant unexploited vulnerabilities are not here. Verify against vendor security advisories (PSIRT, JSA, PAN-SA) and NVD before acting. See compensating controls if refresh isn't immediate.
TS-219P II Lifecycle Overview
The QNAP TS-219P II (TS-219P-II)
is a storage
product in the QNAP NAS / Expansion series.
This product has reached end of life as of ,
meaning QNAP no longer provides technical support, software updates, or hardware replacement for this product.
Organizations still running the TS-219P II should plan a migration
to TS-233.
Lifecycle Milestones
| End of software maintenance | 8y 7mo ago | |
|---|---|---|
| End of security vulnerability support | 3y 9mo ago | |
| Last date of support | 3y 9mo ago |