PT-2023-1262 · QNAP · QuTS hero, QTS

Huasheng_Mangguo · Published 2023-01-29 · Updated 2023-02-17 · CVE-2022-27596

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

QuTS hero versions prior to h5.0.1.2248 build 20221215
QTS versions prior to 5.0.1.2234 build 20221201

Description

A vulnerability has been reported to affect QNAP devices running QuTS hero and QTS, allowing remote attackers to inject malicious code. This issue is related to a SQL injection vulnerability. The vulnerability poses a threat to the confidentiality and integrity of the stored data. NAS devices are often targeted by ransomware due to the valuable data they store and their exposure to the Internet.

Recommendations

For QuTS hero versions prior to h5.0.1.2248 build 20221215, update to version h5.0.1.2248 build 20221215 or later.
For QTS versions prior to 5.0.1.2234 build 20221201, update to version 5.0.1.2234 build 20221201 or later.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-00525
CVE-2022-27596

Affected Products

QTS
QuTS hero