Qnap Security Advisory QSA-22-07 on Resolved Vulnerability in QVR

Qnap Systems, Inc. had published a security advisory concerning the resolved vulnerability in QVR

Release date: May 6, 2022
Security ID: QSA-22-07
Severity: Critical
CVE identifier: CVE-2022-27588
Affected products: Qnap VS Series NVR
Status: Resolved

Summary
A vulnerability has been reported to affect the company’s VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands.

The firm have already fixed vulnerability in following versions of QVR:

• QVR 5.1.6 build 20220401 and later

Recommendation
To secure your device, we strongly recommend updating your system to the latest version to benefit from vulnerability fixes.

Updating QVR

1. Log on to QVR as administrator.

2. Go to Control Panel > System Settings > Firmware Update.

3. Select the Firmware Update tab.

4. Click Browse… to upload the latest firmware file.
   Tip: Download the latest firmware file for your specific device from the company’s website.

5. Click Update System.
   QVR installs the update.

Acknowledgements: JPCERT/CC
Revision History: V1.0 (May 6, 2022) – Published