Qnap Resolved Vulnerability in QVPN Device Client for Windows
Company recommends regularly updating Qnap utilities to latest versions to benefit from vulnerability fixes.
This is a Press Release edited by StorageNewsletter.com on August 2, 2023 at 2:00 pmQnap Systems, Inc. had published a security advisory concerning resolved vulnerability in QVPN device client for Windows.
Release date: July 28, 2023
Security ID: QSA-23-04
Severity: High
CVE identifier: CVE-2022-27595
Affected products: QVPN Device Client for Windows
Status: Resolved
Summary
An insecure library loading vulnerability has been reported to affect devices running QVPN Device Client for Windows. If exploited, this vulnerability allows local authenticated users to execute code through insecure library loading.
The company have already fixed vulnerability in following versions:
-
QVPN Device Client for Windows, version 2.0.0.1316 and later
QVPN Device Client for macOS, Android, and iOS are not affected.
Recommendation
To secure your device, the company recommend regularly updating your Qnap utilities to the latest versions to benefit from vulnerability fixes. You can check the Qnap Utilities page to see the latest updates available to your device OS.
Attachment
Acknowledgements: Runzi Zhao, Security Researcher, QI-ANXIN
Revision History:
V1.0 (July 28, 2023) – Published
Subscribe to our free daily newsletter
