CVE-2022-27593

CRITICAL KEV RANSOMWARE NUCLEI

QNAP NAS - Path Traversal

Description

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions:

QTS 5.0.1: Photo Station 6.1.2 and later
QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
QTS 4.3.6: Photo Station 5.7.18 and later
QTS 4.3.3: Photo Station 5.4.15 and later
QTS 4.2.6: Photo Station 5.2.14 and later

Nuclei Templates (1)

QNAP QTS Photo Station External Reference - Local File Inclusion
CRITICAL VERIFIED by allenwest24
Shodan: title:"QNAP" || http.title:"photo station" || http.title:"qnap" || content-length: 580 "http server 1.0"
FOFA: title="photo station" || title="qnap"

Scores

CVSS v3 10.0
EPSS 0.9312
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Details

CISA KEV 2022-09-08
VulnCheck KEV 2022-09-03
InTheWild.io 2022-09-03
ENISA EUVD EUVD-2022-32094
Ransomware Use Confirmed
CWE
CWE-610
Status published
Products (1)
qnap/photo_station < 5.2.14
Published Sep 08, 2022
KEV Added Sep 08, 2022
Tracked Since Feb 18, 2026