CVE-2022-27598

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.0.1.2346 build 20230322 QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324 QNAP QuTScloud (affected versions not specified) QNAP QVP (QVR Pro appliances) (affected versions not specified)

Description A vulnerability has been reported to affect QNAP operating systems, allowing remote authenticated administrators to get secret values through an out-of-bounds read. This issue can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For QNAP QTS versions prior to 5.0.1.2346 build 20230322, update to version 5.0.1.2346 build 20230322 or later. For QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324, update to version h5.0.1.2348 build 20230324 or later. For QNAP QuTScloud and QNAP QVP (QVR Pro appliances), at the moment, there is no information about a newer version that contains a fix for this vulnerability.