The vulnerability, tracked as CVE-2022-27596, could allow a remote threat actor to take control of the system by injecting malicious code into affected QNAP NAS devices. Exploiting the vulnerability does not require user interaction or privileges. The vulnerability affects firmware versions QTS 5.0.1 and QuTS hero h5.0.1.
QNAP Released Security Updates
It has released security updates that fix the vulnerability. In order not to be the target of attacks that can be carried out using the vulnerability, it is recommended to immediately apply the published QTS or QuTS hero firmware updates.