CVE-2022-27593

Known Exploited
DeadBolt Ransomware

Description

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions:

  • QTS 5.0.1: Photo Station 6.1.2 and later
  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
  • QTS 4.3.6: Photo Station 5.7.18 and later
  • QTS 4.3.3: Photo Station 5.4.15 and later
  • QTS 4.2.6: Photo Station 5.2.14 and later

Remediation

Solution:

  • QNAP have already fixed the vulnerability in the following versions:
      • QTS 5.0.1: Photo Station 6.1.2 and later
      • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
      • QTS 4.3.6: Photo Station 5.7.18 and later
      • QTS 4.3.3: Photo Station 5.4.15 and later
      • QTS 4.2.6: Photo Station 5.2.14 and later

Category

CVSS: 10.0 (CVSS 3.1)
Severity: Critical
EPSS 93.61% Top 5%
KEV Since 
Vendor Advisory qnap.com
Affected: QNAP Systems Inc. Photo Station
Published at:
Updated at:

Frequently Asked Questions

What is the severity of CVE-2022-27593?
CVE-2022-27593 has been scored as a critical severity vulnerability.
How to fix CVE-2022-27593?
To fix CVE-2022-27593: QNAP have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later; QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later; QTS 4.3.6: Photo Station 5.7.18 and later; QTS 4.3.3: Photo Station 5.4.15 and later; QTS 4.2.6: Photo Station 5.2.14 and later.
Is CVE-2022-27593 being actively exploited in the wild?
It is confirmed that CVE-2022-27593 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~94% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-27593?
CVE-2022-27593 affects QNAP Systems Inc. Photo Station.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.