vulnerability

QNAP Photostation: CVE-2022-27593: Externally Controlled Reference to a Resource in Another Sphere

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:P/I:C/A:C)	Sep 8, 2022	Apr 17, 2025	Apr 21, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:C/A:C)

Published

Sep 8, 2022

Added

Apr 17, 2025

Modified

Apr 21, 2025

Description

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later

Solution

qnap-photostation-obsolete

References

CVE-2022-27593
https://attackerkb.com/topics/CVE-2022-27593
URL-https://www.qnap.com/en/security-advisory/qsa-22-24

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today