Description:

QNAP has published a security advisory to address a vulnerability in QNAP QTS and QNAP QuTS hero. The details of the security updates can be found at:
https://www.qnap.com/en/security-advisory/QSA-23-01

Affected Systems:

• QNAP NAS devices running QTS 5.0.1 operating system
• QNAP NAS devices running QuTS hero h5.0.1 operating system

Impact:

Successful exploitation could lead to remote code execution on an affected system.

Recommendation:

Patches for affected products are available. System administrators of affected products should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://www.qnap.com/en/security-advisory/QSA-23-01
• https://www.hkcert.org/security-bulletin/qnap-nas-remote-code-execution-vulnerability_20230131
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27596