CVE-2022-27593: QNAP Photo Station Externally Controlled Reference
QNAP Photo Station Externally Controlled Reference Vulnerability. Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
- CISA KEV-listed (remediation due 2022-09-29)
- used in ransomware campaigns
- EPSS 93.8% (99.9% percentile)