February 2, 2023
QNAP Patches Critical Vulnerability
QNAP has patched a critical vulnerability affecting its network-attached storage (NAS) devices which could allow to threat actor to perform remote code injection (RCE).
- CVE-2022-27596, (CVSS 3.1: 9.8, Critical) – SQL injection vulnerability which allows remote threat actor to inject malicious code and allow access to sensitive data, modify or delete it.
QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1.
CYREBRO recommends all clients to update their QNAP NAS devices to the latest versions:
- QTS 18.104.22.1684 build 20221201 and later
- QuTS hero h22.214.171.1248 build 20221215 and later
References: QNAP Security Advisory