PT-2022-3432 · Qnap · Qnap Qvr

Chuya Hayakawa

Published

2022-05-05

Updated

2022-05-13

CVE-2022-27588

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QNAP QVR versions prior to 5.1.6 build 20220401

Description The issue is related to the QNAP QVR video surveillance system management, where it fails to neutralize special elements used in an OS command. This could allow a remote attacker to impact the confidentiality, integrity, and availability of information.

Recommendations For QNAP QVR versions prior to 5.1.6 build 20220401, update to version 5.1.6 build 20220401 or later to resolve the issue.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2022-04210

CVE-2022-27588

Affected Products

Qnap Qvr

PT-2022-3432 · Qnap · Qnap Qvr

CVE-2022-27588

Weakness Enumeration

Related Identifiers

Affected Products

References · 4