CVE-2022-27595

HIGH

Qnap Qvpn < 2.0.0.1316 - Uncontrolled Search Path

Title source: rule

Description

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-23-04

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 22.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

qnap/qvpn < 2.0.0.1316

Timeline

Published Dec 19, 2024

Tracked Since Feb 18, 2026