Description:
QNAP has published a security advisory to address a vulnerability in QNAP products. The details of security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-09
Affected Systems:
- QNAP NAS devices running QTS operating system versions prior to 4.5.4.2280 build 20230112, 5.0.1.2277 build 20230112
- QNAP NAS devices running QuTS hero operating system versions prior to h4.5.4.2374 build 20230417, h5.0.1.2277 build 20230112
- QNAP QuTScloud versions prior to c5.0.1.2374 build 20230419
- QNAP QVR Pro appliances (QVP) versions prior to 2.3.1.0476
For detailed information of the affected products, please refer to the corresponding security advisory at vendor's website.
Impact:
Successful exploitation of the vulnerability could lead to denial of service on an affected system.
Recommendation:
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.qnap.com/en/security-advisory/QSA-23-09
- https://www.hkcert.org/security-bulletin/qnap-nas-multiple-vulnerabilities_20230731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27600