CVE-2022-27593
QNAP Photo Station Externally Controlled Reference Vulnerability
CVSS
—
No CVSS
EPSS
87.9%
p100
KEV
YES
Sep 8, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
QNAP / Photo Station
Vulnerability
QNAP Photo Station Externally Controlled Reference Vulnerability
Added to KEV
Sep 8, 2022
Remediate by
Sep 29, 2022
Known ransomware use
Yes
Summary description
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
Required action
Apply updates per vendor instructions.
Notes
https://www.qnap.com/en/security-advisory/qsa-22-24; https://nvd.nist.gov/vuln/detail/CVE-2022-27593