CVE-2022-27593

Summary

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.Photo Stationunspecified < 6.1.2affected
QNAP Systems Inc.Photo Stationunspecified < 6.0.22affected
QNAP Systems Inc.Photo Stationunspecified < 6.0.22affected
QNAP Systems Inc.Photo Stationunspecified < 5.7.18affected
QNAP Systems Inc.Photo Stationunspecified < 5.4.15affected
QNAP Systems Inc.Photo Stationunspecified < 5.2.14affected

Weaknesses

  • CWE-610: CWE-610 Externally Controlled Reference to a Resource in Another Sphere

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References