QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.
A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices. The flaw is easy to exploit without user interaction or privileges on the vulnerable device.
The flaw impacts QTS 5.0.1 and QuTS hero h5.0.1 versions.
“A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code.” reads the advisory published by the Taiwanese vendor.
“We have already fixed this vulnerability in the following operating system versions:
Below is the step-by-step procedure to update QTS or QuTS hero:
Users can also download the update from the QNAP website by going to Support > Download Center and then performing a manual update for their specific device.
The company urges customers to apply security updates as soon as possible.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Moshen Dragon)
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
This website uses cookies.