CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.941

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 10.0

Proposed Action

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Ransomware Campaign

Known

References

Products affected by CVE-2022-27593

Qnap » Photo Station » Version: N/A

cpe:2.3:a:qnap:photo_station:-
Qnap » Photo Station » Version: 5.2.0

cpe:2.3:a:qnap:photo_station:5.2.0
Qnap » Photo Station » Version: 5.2.1

cpe:2.3:a:qnap:photo_station:5.2.1
Qnap » Photo Station » Version: 5.2.14

cpe:2.3:a:qnap:photo_station:5.2.14
Qnap » Photo Station » Version: 5.2.2

cpe:2.3:a:qnap:photo_station:5.2.2
Qnap » Photo Station » Version: 5.2.3

cpe:2.3:a:qnap:photo_station:5.2.3
Qnap » Photo Station » Version: 5.2.4

cpe:2.3:a:qnap:photo_station:5.2.4
Qnap » Photo Station » Version: 5.2.5

cpe:2.3:a:qnap:photo_station:5.2.5
Qnap » Photo Station » Version: 5.2.6

cpe:2.3:a:qnap:photo_station:5.2.6
Qnap » Photo Station » Version: 5.2.7

cpe:2.3:a:qnap:photo_station:5.2.7
Qnap » Photo Station » Version: 5.2.8

cpe:2.3:a:qnap:photo_station:5.2.8
Qnap » Photo Station » Version: 5.2.9

cpe:2.3:a:qnap:photo_station:5.2.9
Qnap » Photo Station » Version: 5.3.4

cpe:2.3:a:qnap:photo_station:5.3.4
Qnap » Photo Station » Version: 5.3.5

cpe:2.3:a:qnap:photo_station:5.3.5
Qnap » Photo Station » Version: 5.3.6

cpe:2.3:a:qnap:photo_station:5.3.6
Qnap » Photo Station » Version: 5.4.0

cpe:2.3:a:qnap:photo_station:5.4.0
Qnap » Photo Station » Version: 5.4.1

cpe:2.3:a:qnap:photo_station:5.4.1
Qnap » Photo Station » Version: 5.4.10

cpe:2.3:a:qnap:photo_station:5.4.10
Qnap » Photo Station » Version: 5.4.11

cpe:2.3:a:qnap:photo_station:5.4.11
Qnap » Photo Station » Version: 5.4.12

cpe:2.3:a:qnap:photo_station:5.4.12
Qnap » Photo Station » Version: 5.4.13

cpe:2.3:a:qnap:photo_station:5.4.13
Qnap » Photo Station » Version: 5.4.15

cpe:2.3:a:qnap:photo_station:5.4.15
Qnap » Photo Station » Version: 5.4.2

cpe:2.3:a:qnap:photo_station:5.4.2
Qnap » Photo Station » Version: 5.4.3

cpe:2.3:a:qnap:photo_station:5.4.3
Qnap » Photo Station » Version: 5.4.4

cpe:2.3:a:qnap:photo_station:5.4.4
Qnap » Photo Station » Version: 5.4.5

cpe:2.3:a:qnap:photo_station:5.4.5
Qnap » Photo Station » Version: 5.4.6

cpe:2.3:a:qnap:photo_station:5.4.6
Qnap » Photo Station » Version: 5.4.7

cpe:2.3:a:qnap:photo_station:5.4.7
Qnap » Photo Station » Version: 5.4.8

cpe:2.3:a:qnap:photo_station:5.4.8
Qnap » Photo Station » Version: 5.4.9

cpe:2.3:a:qnap:photo_station:5.4.9
Qnap » Photo Station » Version: 5.6.0

cpe:2.3:a:qnap:photo_station:5.6.0
Qnap » Photo Station » Version: 5.6.1

cpe:2.3:a:qnap:photo_station:5.6.1
Qnap » Photo Station » Version: 5.6.2

cpe:2.3:a:qnap:photo_station:5.6.2
Qnap » Photo Station » Version: 5.6.3

cpe:2.3:a:qnap:photo_station:5.6.3
Qnap » Photo Station » Version: 5.7.0

cpe:2.3:a:qnap:photo_station:5.7.0
Qnap » Photo Station » Version: 5.7.1

cpe:2.3:a:qnap:photo_station:5.7.1
Qnap » Photo Station » Version: 5.7.11

cpe:2.3:a:qnap:photo_station:5.7.11
Qnap » Photo Station » Version: 5.7.12

cpe:2.3:a:qnap:photo_station:5.7.12
Qnap » Photo Station » Version: 5.7.13

cpe:2.3:a:qnap:photo_station:5.7.13
Qnap » Photo Station » Version: 5.7.14

cpe:2.3:a:qnap:photo_station:5.7.14
Qnap » Photo Station » Version: 5.7.15

cpe:2.3:a:qnap:photo_station:5.7.15
Qnap » Photo Station » Version: 5.7.16

cpe:2.3:a:qnap:photo_station:5.7.16
Qnap » Photo Station » Version: 5.7.18

cpe:2.3:a:qnap:photo_station:5.7.18
Qnap » Photo Station » Version: 5.7.2

cpe:2.3:a:qnap:photo_station:5.7.2
Qnap » Photo Station » Version: 5.7.3

cpe:2.3:a:qnap:photo_station:5.7.3
Qnap » Photo Station » Version: 5.7.4

cpe:2.3:a:qnap:photo_station:5.7.4
Qnap » Photo Station » Version: 5.7.5

cpe:2.3:a:qnap:photo_station:5.7.5
Qnap » Photo Station » Version: 5.7.6

cpe:2.3:a:qnap:photo_station:5.7.6
Qnap » Photo Station » Version: 6.0.0

cpe:2.3:a:qnap:photo_station:6.0.0
Qnap » Photo Station » Version: 6.0.1

cpe:2.3:a:qnap:photo_station:6.0.1
Qnap » Photo Station » Version: 6.0.10

cpe:2.3:a:qnap:photo_station:6.0.10
Qnap » Photo Station » Version: 6.0.11

cpe:2.3:a:qnap:photo_station:6.0.11
Qnap » Photo Station » Version: 6.0.12

cpe:2.3:a:qnap:photo_station:6.0.12
Qnap » Photo Station » Version: 6.0.13

cpe:2.3:a:qnap:photo_station:6.0.13
Qnap » Photo Station » Version: 6.0.14

cpe:2.3:a:qnap:photo_station:6.0.14
Qnap » Photo Station » Version: 6.0.15

cpe:2.3:a:qnap:photo_station:6.0.15
Qnap » Photo Station » Version: 6.0.16

cpe:2.3:a:qnap:photo_station:6.0.16
Qnap » Photo Station » Version: 6.0.17

cpe:2.3:a:qnap:photo_station:6.0.17
Qnap » Photo Station » Version: 6.0.18

cpe:2.3:a:qnap:photo_station:6.0.18
Qnap » Photo Station » Version: 6.0.19

cpe:2.3:a:qnap:photo_station:6.0.19
Qnap » Photo Station » Version: 6.0.2

cpe:2.3:a:qnap:photo_station:6.0.2
Qnap » Photo Station » Version: 6.0.20

cpe:2.3:a:qnap:photo_station:6.0.20
Qnap » Photo Station » Version: 6.0.22

cpe:2.3:a:qnap:photo_station:6.0.22
Qnap » Photo Station » Version: 6.0.3

cpe:2.3:a:qnap:photo_station:6.0.3
Qnap » Photo Station » Version: 6.0.5

cpe:2.3:a:qnap:photo_station:6.0.5
Qnap » Photo Station » Version: 6.0.6

cpe:2.3:a:qnap:photo_station:6.0.6
Qnap » Photo Station » Version: 6.0.7

cpe:2.3:a:qnap:photo_station:6.0.7
Qnap » Photo Station » Version: 6.0.8

cpe:2.3:a:qnap:photo_station:6.0.8
Qnap » Photo Station » Version: 6.0.9

cpe:2.3:a:qnap:photo_station:6.0.9
Qnap » Qts » Version: 4.2.6

cpe:2.3:o:qnap:qts:4.2.6
Qnap » Qts » Version: 4.3.3

cpe:2.3:o:qnap:qts:4.3.3
Qnap » Qts » Version: 4.3.6

cpe:2.3:o:qnap:qts:4.3.6
Qnap » Qts » Version: 4.5.1

cpe:2.3:o:qnap:qts:4.5.1
Qnap » Qts » Version: 4.5.1.1456

cpe:2.3:o:qnap:qts:4.5.1.1456
Qnap » Qts » Version: 4.5.1.1461

cpe:2.3:o:qnap:qts:4.5.1.1461
Qnap » Qts » Version: 4.5.1.1465

cpe:2.3:o:qnap:qts:4.5.1.1465
Qnap » Qts » Version: 4.5.1.1480

cpe:2.3:o:qnap:qts:4.5.1.1480
Qnap » Qts » Version: 4.5.1.1495

cpe:2.3:o:qnap:qts:4.5.1.1495
Qnap » Qts » Version: 4.5.1.1540

cpe:2.3:o:qnap:qts:4.5.1.1540
Qnap » Qts » Version: 4.5.2

cpe:2.3:o:qnap:qts:4.5.2
Qnap » Qts » Version: 4.5.2.1566

cpe:2.3:o:qnap:qts:4.5.2.1566
Qnap » Qts » Version: 4.5.2.1594

cpe:2.3:o:qnap:qts:4.5.2.1594
Qnap » Qts » Version: 4.5.2.1630

cpe:2.3:o:qnap:qts:4.5.2.1630
Qnap » Qts » Version: 4.5.3

cpe:2.3:o:qnap:qts:4.5.3
Qnap » Qts » Version: 4.5.3.1652

cpe:2.3:o:qnap:qts:4.5.3.1652
Qnap » Qts » Version: 4.5.3.1670

cpe:2.3:o:qnap:qts:4.5.3.1670
Qnap » Qts » Version: 4.5.3.1697

cpe:2.3:o:qnap:qts:4.5.3.1697
Qnap » Qts » Version: 4.5.4

cpe:2.3:o:qnap:qts:4.5.4
Qnap » Qts » Version: 4.5.4.1715

cpe:2.3:o:qnap:qts:4.5.4.1715
Qnap » Qts » Version: 4.5.4.1723

cpe:2.3:o:qnap:qts:4.5.4.1723
Qnap » Qts » Version: 4.5.4.1741

cpe:2.3:o:qnap:qts:4.5.4.1741
Qnap » Qts » Version: 4.5.4.1787

cpe:2.3:o:qnap:qts:4.5.4.1787
Qnap » Qts » Version: 4.5.4.1800

cpe:2.3:o:qnap:qts:4.5.4.1800
Qnap » Qts » Version: 4.5.4.1892

cpe:2.3:o:qnap:qts:4.5.4.1892
Qnap » Qts » Version: 4.5.4.1931

cpe:2.3:o:qnap:qts:4.5.4.1931
Qnap » Qts » Version: 4.5.4.1991

cpe:2.3:o:qnap:qts:4.5.4.1991
Qnap » Qts » Version: 4.5.4.2012

cpe:2.3:o:qnap:qts:4.5.4.2012
Qnap » Qts » Version: 5.0.0

cpe:2.3:o:qnap:qts:5.0.0
Qnap » Qts » Version: 5.0.1

cpe:2.3:o:qnap:qts:5.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27593

Products

Pricing

Contact Us