Vulnerability Description
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qnap | Photo Station | < 5.2.14 |
| Qnap | Qts | 4.2.6 |
Related Weaknesses (CWE)
References
- https://www.qnap.com/en/security-advisory/qsa-22-24Vendor Advisory
- https://www.qnap.com/en/security-advisory/qsa-22-24Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource
FAQ
What is CVE-2022-27593?
CVE-2022-27593 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have al...
How severe is CVE-2022-27593?
CVE-2022-27593 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-27593?
Check the references section above for vendor advisories and patch information. Affected products include: Qnap Photo Station, Qnap Qts.