{"id":16780,"date":"2023-01-31T16:32:36","date_gmt":"2023-01-31T15:32:36","guid":{"rendered":"https:\/\/www.show.it\/critical-qnap-vulnerability-leads-to-code-injection\/"},"modified":"2023-01-31T16:32:36","modified_gmt":"2023-01-31T15:32:36","slug":"critical-qnap-vulnerability-leads-to-code-injection","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/critical-qnap-vulnerability-leads-to-code-injection\/","title":{"rendered":"Critical QNAP Vulnerability Leads to Code Injection"},"content":{"rendered":"<p><strong>QNAP Systems this week issued a warning on a critical vulnerability that could allow attackers to inject malicious code on network-attached storage (NAS) devices.<\/strong><\/p>\n<p>The Taiwan-based manufacturer is known for its NAS appliances and professional network video recorder (NVR) solutions, but also produces various types of networking equipment.<\/p>\n<p>Tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27596\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-27596<\/a> (CVSS score of 9.8), the newly disclosed vulnerability is described as an SQL injection flaw impacting QuTS hero and QTS.<\/p>\n<p>\u201cA vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code,\u201d QNAP warns in its <a href=\"https:\/\/www.qnap.com\/en\/security-advisory\/qsa-23-01\" target=\"_blank\" rel=\"noreferrer noopener\">advisory<\/a>.<\/p>\n<p>The company has issued patches for the vulnerability and urges users to update their devices to QTS 5.0.1.2234 build 20221201 and later, or QuTS hero h5.0.1.2248 build 20221215 and later.<\/p>\n<p>\u201cTo secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes,\u201d the manufacturer notes.<\/p>\n<p>Users are advised to update their QNAP appliances as soon as possible, as these devices have long been the target of choice for cybercriminals looking<a href=\"https:\/\/www.securityweek.com\/qnap-warns-new-deadbolt-ransomware-attacks-targeting-nas-users\/\" target=\"_blank\" rel=\"noreferrer noopener\"> to infect them with ransomware<\/a> and other malware.<\/p>\n<p>Furthermore, users should ensure that their NAS devices cannot be directly accessed from the internet, and instead secured behind a firewall or VPN.<\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/qnap-patches-critical-vulnerability-network-surveillance-products\/\"> QNAP Patches Critical Vulnerability in Network Surveillance Products<\/a><\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/qnap-devices-targeted-new-wave-deadbolt-ransomware-attacks\/\"> QNAP Devices Targeted in New Wave of DeadBolt Ransomware Attacks<\/a><\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/qnap-extends-security-updates-some-eol-devices\/\"> QNAP Extends Security Updates for Some EOL Devices<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.securityweek.com\/critical-qnap-vulnerability-leads-to-code-injection\/\">Critical QNAP Vulnerability Leads to Code Injection<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.securityweek.com\/\">SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>QNAP Systems this week issued a warning on a critical vulnerability that could allow attackers to inject malicious code on network-attached storage (NAS) devices. The Taiwan-based manufacturer is known for its NAS appliances and professional network video recorder (NVR) solutions, but also produces various types of networking equipment. Tracked as CVE-2022-27596 (CVSS score of 9.8), [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16781,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[141,23],"tags":[],"class_list":["post-16780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-qnap","category-vulnerabilities"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16780","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16780"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16780\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16781"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}