Security News > 2023 > January > QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
2023-01-31 04:06

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage devices that could lead to arbitrary code injection.

Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale.

"If exploited, this vulnerability allows remote attackers to inject malicious code," QNAP said in an advisory released Monday.

The exact technical specifics surrounding the flaw are unclear, but the NIST National Vulnerability Database has categorized it as an SQL injection vulnerability.

Zero-day vulnerabilities in exposed QNAP appliances have been put to use by DeadBolt ransomware actors to breach target networks, making it essential to update to the latest version in order to mitigate potential threats.

To apply the updates, users are advised to log in to QTS or QuTS hero as an administrator, navigate to Control Panel > System > Firmware Update, and select "Check for Update" under the "Live Update" section.


News URL

https://thehackernews.com/2023/01/qnap-fixes-critical-vulnerability-in.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-30 CVE-2022-27596 SQL Injection vulnerability in Qnap QTS and Quts Hero
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS.
network
low complexity
qnap CWE-89
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 80 4 97 122 76 299