Shulou(Shulou.com)11/24 Report--

CTOnews.com February 1 news, NAS manufacturer QNAP recently issued a security announcement, saying that QTS 5.0.1 and QuTS hero h5.0.1 software has a serious vulnerability CVE-2022-27596, allowing attackers to plant malicious code in the firmware.

The vulnerability has a score of 9.8 in CVSS v3 (with a maximum score of 10), so CTOnews.com recommends netizens who use the above two software to upgrade as soon as possible.

QNAP has not disclosed any further details about the vulnerability. According to Bleeping Computer, vulnerability CVE-2022-27596 is classified as "improper use of special elements in SQL commands" (SQL injection).

Devices running the following software versions are affected:

QTS 5.x

QuTS hero h5.x

WeiUnicom has fixed the above vulnerabilities, and users are recommended to upgrade to:

QTS 5.0.1.2234 build 20221201 and later

QuTS hero h5.0.1.2248 build 20221215 and later

Bleeping Computer pointed out in the report that at least 29000 facilities were affected. A report by Censys security researchers further pointed out that of the more than 60000 QNAP NAS devices found online, only about 550were patched.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.