Patch Now: QNAP Security Update for CVE-2022-27596

February 1st, 2023

A critical SQL injection flaw in QNAP appliances (CVE-2022-27596) was disclosed on January 30th. Exploitation would result in the unauthenticated remote execution of injected malicious code. While the flaw has not been observed being exploited in the wild at this time, MSPs should expect that when an exploit is available it will lead to ransomware attacks. The Deadbolt ransomware group is well known for targeting QNAP NAS devices. Censys, a security company that conducts internet attack surface mapping, estimates nearly 30,000 vulnerable QNAP appliances that are internet facing are exposed to future exploitation. MSPs that operate, or assist SMBs in operating, affected QNAP NAS appliances should PATCH NOW.

-Kaseya Vulnerability Management Team

Security Advisories Archives

RSS Feed

To View the RSS Feed of our advisory postings, please input this link into your feed reader.

audIT

Powered Services Pro

BMS

ConnectBooster

Datto Autotask PSA

BMS

Datto Autotask PSA

Vorex

BullPhish ID

Dark Web ID

Datto Autotask PSA

Datto Backup Appliances

Datto Backup for Microsoft Azure

Datto RMM

Datto Secure Edge

IT Glue

Managed SOC

VSA

vPenTest

Datto Backup Appliances

Unitrends Backup Appliances

Datto Backup for Microsoft Azure

Unitrends Backup for Microsoft Azure

Datto Edge Routers

Datto Secure Edge

Datto Switches

Datto WiFi

Datto Endpoint Backup with Disaster Recovery

Datto File Protection

Unitrends Endpoint Backup with Disaster Recovery

Datto RMM

VSA

Traverse

Graphus

IT Glue

MyGlue

Network Glue

Network Detective Pro

vPenTest

Datto Networking and VSA 10: Your Shortcut to Smarter Networks

What Is Allowlisting?

Automating Foundational Cybersecurity with VSA

Security Advisory

Patch Now: QNAP Security Update for CVE-2022-27596