QNAP has made public a critical vulnerability in its own NAS operating systems QTS and QuTS hero, which is listed under the identifier CVE-2022-27596. QNAP NAS users should check whether an update is available for their system to close the vulnerability as soon as possible.
Since the vulnerability allows attackers to inject malicious code onto the QNAP In order to infiltrate the user's NAS and thus cause considerable damage, a timely update is required. The critical vulnerability affects all QNAP NAS currently running QTS 5.0.1 or QuTS hero h5.0.1. The vulnerability has a severity rating of 9.8 out of 10 as it can easily be exploited remotely by unauthenticated users on the NAS without knowledge of user credentials.
As usual, QNAP does not disclose details of how the attack must be carried out and which component on the NAS is exactly the gateway. However, it appears to be a SQL injection.
Suggested External Content 
External content from < b>Twitter, which complements the article and is recommended by the editors. It can be loaded and hidden again with one click.
Load Twitter embeds I consent to Twitter embeds being loaded. Personal data can be transmitted to Twitter. More on this in the data protection declaration.
CVE-2022-27596 : A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following… https://t.co/wsy6VF4Oxy
— CVE.report (@CVEreport) January 30, 2023
Load Twitter Embeds Privacy Policy
Update for QTS and QuTS hero is available
QNAP is already delivering updates for the two operating system versions. Users must update to QTS 5.0.1.2234 Build 20221201 or newer or QuTS hero h5.0.1.2248 Build 20221215 or newer to close the gap.
Update via NAS or website
To update the software on the QNAP NAS, users must log in as an administrator on the web interface of the NAS and in the control panel Navigate to the Firmware Update entry under System. There you can check whether a new version is available. The update will then be downloaded and installed directly onto the NAS. Alternatively, you can enter your own model in the Download Center on the QNAP website and download the update to then install it on a NAS isolated from the Internet.
NAS are always again the target of large-scale attacks, which often encrypt all data on the NAS and ransom users are demanded for their release. Keeping the operating system of the NAS up to date is therefore particularly important.