CVE-2022-27593

Critical · CVSS 10EPSS 87.9%CISA KEVCWE-610

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

References

NVD MITRE CVE.org CISA KEV

Published Sep 8, 2022

Community ground truth

Community verdict

3 verdicts

Not a real issue

to add your verdict.

Community real-world severity: Critical (Critical 3) — CVSS base score 10

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.

Same weakness — CWE-610.

CVE-2022-30190CVSS 7.8KEVEPSS 99%
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.

CVE-2022-27593

Community ground truth

Field notes & remediation

Related CVEs