CVE-2022-27593

Description

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

NVD
Severity: CRITICAL
CVE ID: CVE-2022-27593
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

QNAP Systems, Inc.
Severity: CRITICAL
CVE ID: CVE-2022-27593
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-27593

Refrence: Project Discovery GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept