Security News > 2022 > May > QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices

QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices
2022-05-08 19:52

QNAP, Taiwanese maker of network-attached storage devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system.

"A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP said in an advisory.

"If exploited, this vulnerability allows remote attackers to run arbitrary commands."

Tracked as CVE-2022-27588, the vulnerability has been addressed in QVR 5.1.6 build 20220401 and later.

Credited with reporting the flaw is the Japan Computer Emergency Response Team Coordination Center.

Aside from the critical shortcoming, QNAP has also resolved three high-severity and five medium-severity bugs in its software -.


News URL

https://thehackernews.com/2022/05/qnap-releases-firmware-patches-for-9.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-27588 Command Injection vulnerability in Qnap QVR
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later
network
low complexity
qnap CWE-77
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 93 15 113 112 32 272