QNAP NAS devices are vulnerable to CVE-2022-27596, which allows unauthenticated, remote SQL code injection.

Dark Reading Staff, Dark Reading

February 2, 2023


UPDATE

A critical security vulnerability in QNAP's QTS operating system for network-attached storage (NAS) devices could allow cyberattackers to inject malicious code into devices remotely, with no authentication required.

The issue (CVE-2022-27596) is a SQL injection problem that affects QNAP QTS devices running version 5.0.1, and QuTS hero version h5.0.1. It carries a score of 9.8 out of 10 on the CVSS vulnerability-severity scale.

In its advisory this week, QNAP said the bug has a low attack complexity, which, when combined with the popularity of QNAP NAS as a target for Deadbolt ransomware and other threats, could make for imminent exploitation in the wild. 

"If the exploit is published and weaponized, it could spell trouble to...QNAP users," Censys researchers warned in an analysis of the bug. "Everyone must upgrade their QNAP devices immediately to be safe from future ransomware campaigns."

Since publication, QNAP updated its advisory to state the following: "QTS 5.0.0, QTS 4.x.x, QuTS hero 5.0.0 and QuTS hero 4.5.x are not affected." Dark Reading had previously reported on an analysis from Censys that found there to be more than 30,000 hosts running a vulnerable version of the QNAP-based system. However, with the revision, that is no longer the case.

"With this new wording, the exposure is less extreme," according to Censys' revised blog post. "It narrows down the number of affected versions to just a very small number of devices."

This post was updated on Feb. 3 at 6 p.m. ET.
