This week, network-attached storage (NAS) device manufacturer QNAP Systems issued a warning regarding a serious vulnerability that could allow attackers to inject malicious code.
The Taiwan-based company makes a variety of networking equipment in addition to its NAS appliances and expert network video recorder (NVR) solutions. The recently discovered vulnerability, tracked as CVE-2022-27596 (CVSS score of 9.8), is described as a SQL injection flaw affecting QuTS hero and QTS. “QNAP devices running QTS 5.0.1 and QuTS Hero h5.0.1 are said to be vulnerable.
According to QNAP’s advisory, if exploited, this vulnerability enables remote attackers to inject malicious code. As QNAP appliances have long been a favorite of cybercriminals, users are advised to update them as soon as possible.
Read More: Critical QNAP Vulnerability Leads to Code Injection
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.