
At least 29000 devices affected: QNAP announces a serious vulnerability in QTS and QuTS hero

via: IT之家     time: 2023/2/1 16:02:09

IT Home, February 1: NAS manufacturer QNAP recently issued a security advisory stating that a serious vulnerability in the QTS 5.0.1 and QuTS hero h5.0.1 software, CVE-2022-27596, may allow attackers to plant malicious code in the firmware.

The vulnerability has a CVSS v3 score of 9.8 (out of a maximum of 10), so IT Home recommends that users of the two products above upgrade as soon as possible.

QNAP has not disclosed any further details about the vulnerability. According to Bleeping Computer, vulnerability CVE-2022-27596 is classified as "improper use of special elements in SQL commands" (SQL injection).

Devices running the following software versions are affected:

  • QTS 5.x

  • QuTS hero h5.x

QNAP has fixed the above vulnerability, and users are advised to upgrade to:

  • QTS build 20221201 and later

  • QuTS hero h5.0.1.2248 build 20221215 and later

Bleeping Computer pointed out in its report that at least 29000 devices were affected. A report by Censys security researchers further pointed out that of the more than 60000 QNAP NAS devices found online, only about 550 were patched.

translate engine: 腾讯
