Censys, a firm specializing in attack surface management, has identified approximately 30,000 QNAP network-attached storage (NAS) devices that are likely vulnerable to a recently disclosed critical-severity code injection flaw.
Security flaw described as a SQL injection bug that enables remote attackers to inject malicious code into vulnerable NAS devices is tracked as CVE-2022-27596 (CVSS score of 9.8). All devices running QTS 5.0.1 and QuTS hero h5.0.1 are affected by the problem, and according to Censys, there are nearly 30,000 devices online that are using a vulnerable software version.
The company cautions that the actual number of impacted devices may be much higher. 37,000 of the 67,000 hosts that Censys has identified as running QNAP software could not be reached to obtain the version information.
Read More: 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.