QNAP, Taiwanese maker of network-attached storage (NAS) units, on Friday launched safety updates to patch 9 safety weaknesses, together with a important difficulty that might be exploited to take over an affected system.
“A vulnerability has been reported to affect QNAP VS Series NVR running QVR,” QNAP mentioned in an advisory. “If exploited, this vulnerability allows remote attackers to run arbitrary commands.”
Tracked as CVE-2022-27588 (CVSS rating: 9.8), the vulnerability has been addressed in QVR 5.1.6 construct 20220401 and later. Credited with reporting the flaw is the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC).
Aside from the important shortcoming, QNAP has additionally resolved three high-severity and 5 medium-severity bugs in its software program –