PT-2023-3936 · Qnap · Qutscloud+2

Huasheng_Mangguo · Published 2023-07-28 · Updated 2024-12-19 · CVE-2022-27600

CVSS v2.0

7.8 High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

QTS versions prior to 5.0.1.2277
QTS versions prior to 4.5.4.2280 build 20230112
QuTS hero versions prior to h5.0.1.2277 build 20230112
QuTS hero versions prior to h4.5.4.2374 build 20230417
QuTScloud versions prior to c5.0.1.2374

Description

An uncontrolled resource consumption issue affects several QNAP operating system versions. If exploited, this could allow remote attackers to launch a denial-of-service (DoS) attack.

Recommendations

For QTS versions prior to 5.0.1.2277, update to version 5.0.1.2277 or later.
For QTS versions prior to 4.5.4.2280 build 20230112, update to version 4.5.4.2280 build 20230112 or later.
For QuTS hero versions prior to h5.0.1.2277 build 20230112, update to version h5.0.1.2277 build 20230112 or later.
For QuTS hero versions prior to h4.5.4.2374 build 20230417, update to version h4.5.4.2374 build 20230417 or later.
For QuTScloud versions prior to c5.0.1.2374, update to version c5.0.1.2374 or later.

Fix

Using Hardcoded Credentials

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-04231
CVE-2022-27600

Affected Products

Qts
Quts Hero
Qutscloud