Vulnerability in Qnap Systems Inc. Photo Station
CVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the fo…
EPSS: 0.938 (99.9th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H.
Affected products
- Qnap Systems Inc. Photo Station — versions unspecified
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
References
- www.qnap.com/en/security-advisory/qsa-22-24 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-27593?
  - CVE-2022-27593 is a critical-severity vulnerability in Qnap Systems Inc. Photo Station, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 10.0/10. Published 2022-09-08.
- How severe is CVE-2022-27593?
  - Critical severity. CVSS v3 base score is 10.0 out of 10.
- Is CVE-2022-27593 known to be exploited?
  - Yes. CVE-2022-27593 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-09-08), indicating it is being actively exploited. 5 public proof-of-concept repositories are indexed.