logo

CVE-2022-27593 - QNAP Photo Station Externally Controlled Reference Vulnerability

QNAP | Photo Station

  • Date Added:
  • 2022-09-08
  • Due Date:
  • 2022-09-29
Vulnerability Name

QNAP Photo Station Externally Controlled Reference Vulnerability

Description

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes
https://www.qnap.com/en/security-advisory/qsa-22-24; https://nvd.nist.gov/vuln/detail/CVE-2022-27593

Free online web security scanner