CVE-2022-27593
QNAP Photo Station Externally Controlled Reference Vulnerability
Public Exploits: 0
Exploited in Wild: Yes
Descriptions
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions:
- QTS 5.0.1: Photo Station 6.1.2 and later
- QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
- QTS 4.3.6: Photo Station 5.7.18 and later
- QTS 4.3.3: Photo Station 5.4.15 and later
- QTS 4.2.6: Photo Station 5.2.14 and later
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
Timeline
- 2022-03-21 CVE Reserved
- 2022-09-08 CVE Published
- 2022-09-08 Exploited in Wild
- 2022-09-29 KEV Due Date
- 2024-09-16 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- First Exploit
CWE
- CWE-610: Externally Controlled Reference to a Resource in Another Sphere
References (1)
URL | Date | SRC |
---|---|---|
https://www.qnap.com/en/security-advisory/qsa-22-24 | 2022-09-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Qnap | Photo Station | < 5.2.14 | - | Affected | in | Qnap | Qts | 4.2.6 | - | Safe |
Qnap | Photo Station | < 5.4.15 | - | Affected | in | Qnap | Qts | 4.3.3 | - | Safe |
Qnap | Photo Station | < 5.7.18 | - | Affected | in | Qnap | Qts | 4.3.6 | - | Safe |
Qnap | Photo Station | < 6.0.22 | - | Affected | in | Qnap | Qts | >= 4.5.1 <= 4.5.4.2012 | - | Safe |
Qnap | Photo Station | < 6.0.22 | - | Affected | in | Qnap | Qts | 5.0.0 | - | Safe |
Qnap | Photo Station | < 6.1.2 | - | Affected | in | Qnap | Qts | 5.0.1 | - | Safe |