CVE-2022-27592
MEDIUMQVR Smart Client 2.4.0-2.4.0.0570 - Authenticated Unquoted Search Path or Element
Title source: llmDescription
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later
References (1)
Core 1
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-22
Scores
CVSS v3
6.7
EPSS
0.0019
EPSS Percentile
9.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-428
Status
published
Products (1)
qnap/qvr_smart_client
2.4.0 - 2.4.0.0570
Published
Sep 06, 2024
Tracked Since
Feb 18, 2026