CVE-2022-27593 - QNAP Photo Station Externally Controlled Reference Vulnerability
Project:QNAP
Product:Photo Station
Date Added:2022-09-08Due Date:2022-09-29
Vulnerability Name
QNAP Photo Station Externally Controlled Reference Vulnerability
Description
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.qnap.com/en/security-advisory/qsa-22-24
https://nvd.nist.gov/vuln/detail/CVE-2022-27593