A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code.
We have already fixed this vulnerability in the following versions of QuTS hero, QTS:
QuTS hero h5.0.1.2248 build 20221215 and later
QTS 5.0.1.2234 build 20221201 and later
References
Link | Resource |
---|---|
https://www.qnap.com/en/security-advisory/qsa-23-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:45
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later |
01 Feb 2023, 14:40
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
CPE | cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://www.qnap.com/en/security-advisory/qsa-23-01 - Vendor Advisory | |
First Time |
Qnap qts
Qnap Qnap quts Hero |
30 Jan 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-30 02:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-27596
Mitre link : CVE-2022-27596
CVE.ORG link : CVE-2022-27596
JSON object : View
Products Affected
qnap
- qts
- quts_hero
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')