Threat Advisories

QNAP addresses a vulnerability in NAS devices

February 1, 2023

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL query on the database and has been identified as CVE-2022-27596.

Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023

Proof-of-concept released for Windows CryptoAPI vulnerability