The company QNAP, which primarily appears as a NAS manufacturer, is struggling with a particularly serious security gap. This should now be fixed – an update is strongly recommended.
The NAS manufacturer QNAP is affected by a critical vulnerability that allows attackers to use relatively simple means to install malicious code via the respective NAS devices. Due to the ease of access to the relevant devices and the potential severity of exploitation, the vulnerability identified as CVE-2022-27596 has a CVSS score of 9.8 and is therefore considered serious.
In concrete terms, cybercriminals can use the vulnerability to penetrate the NAS system with a few targeted attacks without the user having to interact in any way. According to QNAP, the gap itself occurs in the firmware versions QTS 5.0.1 and QuTS Hero h5.0.1.
It is not yet known whether the vulnerability has been actively exploited. QNAP itself already has an update on its official website made available, which should fix the vulnerability. According to the company, this should be installed on any NAS devices as soon as possible in order to protect the respective servers.
To update to the secure firmware version, users must log in to QTS or QuTS Hero as an administrator. Via the path “Control Panel” > “System” > “Firmware Update” you get to the menu item “Live Update”. Here you will find the “Check for update” function, with which QNAP automatically finds and installs the current update, which is supposed to fix the CVE-2022-27596 vulnerability.
Continue to home page