QNAP, Taiwanese maker of network-hooked up storage (NAS) gadgets, on Friday released security updates to patch nine security weaknesses, together with a critical issue that could be exploited to get around an impacted technique.
“A vulnerability has been described to influence QNAP VS Collection NVR working QVR,” QNAP explained in an advisory. “If exploited, this vulnerability lets distant attackers to operate arbitrary commands.”
Tracked as CVE-2022-27588 (CVSS rating: 9.8), the vulnerability has been addressed in QVR 5.1.6 establish 20220401 and later. Credited with reporting the flaw is the Japan Laptop Emergency Response Team Coordination Center (JPCERT/CC).

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
Apart from the critical shortcoming, QNAP has also settled 3 high-severity and 5 medium-severity bugs in its software package –
- CVE-2021-38693 (CVSS score: 5.3) – A route traversal vulnerability in thttpd affecting QNAP equipment managing QTS, QuTS hero, QuTScloud, and QVR Pro Equipment, leading to facts disclosure
- CVE-2021-44051 (CVSS score: 8.8) – A command injection vulnerability in QNAP equipment functioning QTS, QuTS hero, and QuTScloud, resulting in arbitrary command execution
- CVE-2021-44052 (CVSS score: 6.5) – An poor hyperlink resolution right before file entry (“backlink following”) vulnerability in QNAP gadgets operating QTS, QuTS hero, and QuTScloud, allowing for attackers to browse/produce documents in arbitrary file spots
- CVE-2021-44053 (CVSS rating: 5.7) – A cross-internet site scripting (XSS) vulnerability in QNAP products managing QTS, QuTS hero, and QuTScloud, major to code injection
- CVE-2021-44054 (CVSS score: 4.3) – An open up redirect vulnerability in QNAP gadgets running QTS, QuTS hero, and QuTScloud, generating it feasible to redirect end users to a rogue web pages
- CVE-2021-44055 (CVSS score: 5.3) – A lacking authorization vulnerability in QNAP units functioning Video Station, allowing for attackers to entry info or conduct unauthorized actions
- CVE-2021-44056 (CVSS rating: 7.1) – An poor authentication vulnerability in QNAP units functioning Video clip Station, main to technique compromise
- CVE-2021-44057 (CVSS score: 7.1) – An incorrect authentication vulnerability in QNAP devices managing Image Station, primary to method compromise
Identified this report appealing? Observe THN on Facebook, Twitter and LinkedIn to read much more unique content material we publish.
Some areas of this posting are sourced from:
thehackernews.com