Qnap Security Advisory QSA-22-07 on Resolved Vulnerability in QVR
Already fixed vulnerability in following versions of QVR 5.1.6 build 20220401 and later
This is a Press Release edited by StorageNewsletter.com on May 12, 2022 at 2:01 pmQnap Systems, Inc. had published a security advisory concerning the resolved vulnerability in QVR
Release date: May 6, 2022
Security ID: QSA-22-07
Severity: Critical
CVE identifier: CVE-2022-27588
Affected products: Qnap VS Series NVR
Status: Resolved
Summary
A vulnerability has been reported to affect the company’s VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands.
The firm have already fixed vulnerability in following versions of QVR:
- QVR 5.1.6 build 20220401 and later
Recommendation
To secure your device, we strongly recommend updating your system to the latest version to benefit from vulnerability fixes.
Updating QVR
-
Log on to QVR as administrator.
-
Go to Control Panel > System Settings > Firmware Update.
-
Select the Firmware Update tab.
-
Click Browse… to upload the latest firmware file.
Tip: Download the latest firmware file for your specific device from the company’s website. -
Click Update System.
QVR installs the update.
Acknowledgements: JPCERT/CC
Revision History: V1.0 (May 6, 2022) – Published