PULSE
LIVE45signals / 24h
FEED
ransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcare
← All CVEs
CVE Watch

CVE-2022-27593

QNAP Photo Station Externally Controlled Reference Vulnerability

CVSS

No CVSS

EPSS

87.9%

p100

KEV

YES

Sep 8, 2022

Exploit Today

80

0-100

Published: · Last modified:

EPSS · 30d
87.9%EPSS · 30 days87.9%
2026-06-302026-07-16
KEV catalog record

Product

QNAP / Photo Station

Vulnerability

QNAP Photo Station Externally Controlled Reference Vulnerability

Added to KEV

Sep 8, 2022

Remediate by

Sep 29, 2022

Known ransomware use

Yes

Summary description

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Required action

Apply updates per vendor instructions.

Notes

https://www.qnap.com/en/security-advisory/qsa-22-24; https://nvd.nist.gov/vuln/detail/CVE-2022-27593

Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2019-7192
99.8%
KEV80QNAP Photo Station Improper Access Control Vulnerability
CVE-2019-7195
99.8%
KEV80QNAP Photo Station Path Traversal Vulnerability
CVE-2019-7194
99.6%
KEV80QNAP Photo Station Path Traversal Vulnerability