First published: Wed Mar 29 2023(Updated: )
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Credit: security@qnapsecurity.com.tw security@qnapsecurity.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
QNAP QTS | <5.0.1.2346 | |
QNAP QuTS hero | <h5.0.1.2348 | |
QNAP QuTScloud | ||
Qnap Qvp-41b Firmware | ||
Qnap Qvp-41b | ||
Qnap Qvp-63b Firmware | ||
Qnap Qvp-63b | ||
Qnap Qvp-85b Firmware | ||
Qnap Qvp-85b | ||
Qnap Qvp-21a Firmware | ||
Qnap Qvp-21a | ||
Qnap Qvp-41a Firmware | ||
Qnap Qvp-41a | ||
Qnap Qvp-63a Firmware | ||
Qnap Qvp-63a | ||
Qnap Qvp-85a Firmware | ||
Qnap Qvp-85a |
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-27598 is a vulnerability that affects QNAP operating systems and allows remote authenticated administrators to get secret values.
CVE-2022-27598 affects QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) operating systems.
CVE-2022-27598 has a severity rating of low with a score of 2.7.
Remote authenticated administrators can exploit CVE-2022-27598 to gain access to secret values.
To fix CVE-2022-27598, it is recommended to apply the latest security patches and updates provided by QNAP.