QNAP Releases Security Update

QNAP releases a security update to address a critical vulnerability in their QTS and QuTS hero products

Threat ID:: CC-4253
Threat Severity:: Information only
Published:: 31 January 2023 11:31 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

QNAP releases a security update to address a critical vulnerability in their QTS and QuTS hero products

Affected platforms

The following platforms are known to be affected:

Versions: All prior to QTS 5.0.1.2234

QNAP QTS

Versions: All prior to h5.0.1.2248

QNAP QuTS Hero

Threat details

Introduction

QNAP has reported a vulnerability affecting devices running QTS 5.0.1 and QuTS hero h5.0.1. A remote attacker could exploit this vulnerability to inject malicious code to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the QNAP Vulnerability in QTS and QuST hero security advisory and apply any relevant updates or workarounds.

Definitive source of threat updates

https://www.qnap.com/en/security-advisory/qsa-23-01

CVE Vulnerabilities

Status Published

CVE-2022-27596

A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later

Last edited: 31 January 2023 1:03 pm