QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices.
A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices. The flaw is easy to exploit without user interaction or privileges on the vulnerable device.
The flaw impacts QTS 5.0.1 and QuTS hero h5.0.1 versions.
“A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code.” reads the advisory published by the Taiwanese vendor.
“We have already fixed this vulnerability in the following operating system versions:
- QTS 5.0.1.2234 build 20221201 and later
- QuTS hero h5.0.1.2248 build 20221215 and later”
