mickmick.net

QNAP NAS Multiple Vulnerabilities

Release Date: 31 Jul 2023s

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution

---

System / Technologies affected

• QTS version prior to 5.0.1.2277 build 20230112
• QTS version prior to 4.5.4.2280 build 20230112
• QuTS hero version prior to h5.0.1.2277 build 20230112
• QuTS hero version prior to h4.5.4.2374 build 20230417
• QuTScloud version prior to c5.0.1.2374 build 20230419
• QVR Pro Appliance version prior to 2.3.1.0476
• QVPN Device Client for Windows version prior to 2.0.0.1316

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
  https://www.qnap.com/en/security-advisory/QSA-23-04
  https://www.qnap.com/en/security-advisory/QSA-23-09

---

Vulnerability Identifier

• CVE-2022-27595
• CVE-2022-27600

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/QSA-23-04
• https://www.qnap.com/en/security-advisory/QSA-23-09