Description:
QNAP has published a security advisory to address a vulnerability in QNAP QTS and QNAP QuTS hero. The details of the security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-01
Affected Systems:
- QNAP NAS devices running QTS 5.0.1 operating system
- QNAP NAS devices running QuTS hero h5.0.1 operating system
Impact:
Successful exploitation could lead to remote code execution on an affected system.
Recommendation:
Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.qnap.com/en/security-advisory/QSA-23-01
- https://www.hkcert.org/security-bulletin/qnap-nas-remote-code-execution-vulnerability_20230131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27596