IT Home, February 1: NAS manufacturer QNAP recently issued a security announcement stating that a serious vulnerability, CVE-2022-27596, in QTS 5.0.1 and QuTS hero h5.0.1 may allow attackers to plant malicious code in the firmware.
The vulnerability has a CVSS v3 score of 9.8 (out of a maximum of 10), so IT Home recommends that users running either of these two systems upgrade as soon as possible.
QNAP has not disclosed any further details about the vulnerability. According to Bleeping Computer, CVE-2022-27596 is classified as "improper neutralization of special elements used in an SQL command" (SQL injection).
Devices running the following software versions are affected:
QTS 5.x
QuTS hero h5.x
QNAP has fixed the vulnerability, and users are recommended to upgrade to:
QTS 5.0.1.2234 build 20221201 and later
QuTS hero h5.0.1.2248 build 20221215 and later
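
To check an inventory of devices against the fixed releases listed above, the comparison can be scripted. The following is an added example, not code from QNAP or from the original report; it assumes firmware strings are recorded in the same form the article uses, and the function name `classify` and its result labels are hypothetical.

```python
import re

# Fixed releases as listed in the article: (version, build date).
FIXED = {
    "QTS": ((5, 0, 1, 2234), 20221201),
    "QuTS hero": ((5, 0, 1, 2248), 20221215),
}

# Accepts e.g. "QTS 5.0.1.2234 build 20221201" or
# "QuTS hero h5.0.1.2248 build 20221215"; the build part is optional.
_FW = re.compile(
    r"^\s*(QuTS hero|QTS)\s+h?(\d+(?:\.\d+){1,3})(?:\s+build\s+(\d{8}))?\s*$",
    re.IGNORECASE,
)

def classify(firmware: str) -> str:
    """Return 'patched', 'vulnerable', 'not-listed' or 'unknown'."""
    m = _FW.match(firmware)
    if not m:
        return "unknown"          # unparseable: needs manual review
    product = "QuTS hero" if m.group(1).lower() == "quts hero" else "QTS"
    version = tuple(int(p) for p in m.group(2).split("."))
    build = int(m.group(3)) if m.group(3) else None
    if version[0] != 5:
        return "not-listed"       # the article lists only 5.x / h5.x
    fixed_version, fixed_build = FIXED[product]
    # Compare only the components that were recorded for the device.
    prefix = fixed_version[: len(version)]
    if version < prefix:
        return "vulnerable"
    if version > prefix:
        return "patched"
    # Same version number (or a truncated one): the build date decides.
    if build is None:
        return "unknown"
    return "patched" if build >= fixed_build else "vulnerable"

if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for fw in ("QTS 5.0.1.2145 build 20220903",
               "QTS 5.0.1.2234 build 20221201",
               "QuTS hero h5.0.0.1986 build 20220324",
               "QTS 5.0.1"):
        print(f"{fw:40s} {classify(fw)}")
```

A truncated string such as "QTS 5.0.1" is reported as unknown rather than guessed, because the fixed and unfixed releases share that prefix.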
Bleeping Computer pointed out in its report that at least 29,000 devices were affected. A report by Censys security researchers further pointed out that of the more than 60,000 QNAP NAS devices found online, only about 550 were patched.