CVE-2022-27593 - QNAP Photo Station Externally Controlled Reference Vulnerability
QNAP | Photo Station
- Date Added:
- 2022-09-08
- Due Date:
- 2022-09-29
- Vulnerability Name
QNAP Photo Station Externally Controlled Reference Vulnerability
- Description
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://www.qnap.com/en/security-advisory/qsa-22-24; https://nvd.nist.gov/vuln/detail/CVE-2022-27593
Free online web security scanner