QNAP addresses a vulnerability in NAS devices
QNAP addresses a vulnerability in NAS devices
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL query on the database and has been identified as CVE-2022-27596.