至少29000台设备受到影响威联通公告QTS和QuTS hero存在严重漏洞

IT之家

01 Feb 2023

IT之家 2 月 1 日消息，NAS 厂商威联通（QNAP）近日发布安全公告，表示 QTS 5.0.1 和 QuTS hero h5.0.1 两款软件存在严重漏洞 CVE-2022-27596，允许攻击者在固件中植入恶意代码。

该漏洞在 CVSS v3 评分为 9.8（最高分为 10 分），因此IT之家推荐使用上述两款软件的网友尽快升级。

QNAP 尚未透露有关该漏洞的任何进一步细节。根据 Bleeping Computer 报道，漏洞 CVE-2022-27596 被归类为“SQL 命令中不当使用特殊元素”（SQL 注入）。

运行以下软件版本的设备会受到影响：

QTS 5.x

QuTS hero h5.x

威联通已经修复了上述漏洞，推荐用户升级到：

QTS 5.0.1.2234 build 20221201 及更高版本

QuTS hero h5.0.1.2248 build 20221215 及更高版本

Bleeping Computer 在报告中指出，至少超过 29000 台设备受到影响。Censys 安全研究人员的一份报告进一步指出，在网上发现的 60000 多台 QNAP NAS 设备中，只有大约 550 台打了补丁。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2308089702"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2308089702\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2308089702?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2023-02-01 14:53","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2308089702","market":"sh","top_or_hot":-1,"title":"至少29000台设备受到影响 威联通公告QTS和QuTS hero存在严重漏洞","media":"IT之家","content":"<html><body><p>IT之家 2 月 1 日消息，NAS 厂商威联通（QNAP）近日发布安全公告，<strong>表示 QTS 5.0.1 和 QuTS hero h5.0.1 两款软件存在严重漏洞 CVE-2022-27596，允许攻击者在固件中植入恶意代码。</strong></p><p><img src=\"https://x0.ifengimg.com/res/2023/E204F1F116B79A529D4392590ECA3EC22E73708A_size158_w1024_h989.jpg\"/></p><p>该漏洞在 CVSS v3 评分为 9.8（最高分为 10 分），因此IT之家推荐使用上述两款软件的网友尽快升级。</p><p>QNAP 尚未透露有关该漏洞的任何进一步细节。根据 Bleeping Computer 报道，漏洞 CVE-2022-27596 被归类为“SQL 命令中不当使用特殊元素”（SQL 注入）。</p><p>运行以下软件版本的设备会受到影响：</p><p>QTS 5.x</p><p>QuTS hero h5.x</p><p>威联通已经修复了上述漏洞，推荐用户升级到：</p><p>QTS 5.0.1.2234 build 20221201 及更高版本</p><p>QuTS hero h5.0.1.2248 build 20221215 及更高版本</p><p>Bleeping Computer 在报告中指出，至少超过 29000 台设备受到影响。Censys 安全研究人员的一份报告进一步指出，在网上发现的 60000 多台 QNAP NAS 设备中，只有大约 550 台打了补丁。</p><p><img src=\"https://x0.ifengimg.com/res/2023/CA046813CB8C6A07D41025DB2EAAB0AE1F145649_size82_w1440_h420.jpg\"/></p></body></html>","source":"fenghuang_stock","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>至少29000台设备受到影响 威联通公告QTS和QuTS hero存在严重漏洞</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n至少29000台设备受到影响 威联通公告QTS和QuTS hero存在严重漏洞\n</h2>\n\n<h4 class=\"meta\">\n\n\n2023-02-01 14:53 北京时间&nbsp;&nbsp;&nbsp;<a href=https://tech.ifeng.com/c/8N3BC5x90JI><strong>IT之家</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>IT之家 2 月 1 日消息，NAS 厂商威联通（QNAP）近日发布安全公告，表示 QTS 5.0.1 和 QuTS hero h5.0.1 两款软件存在严重漏洞 CVE-2022-27596，允许攻击者在固件中植入恶意代码。该漏洞在 CVSS v3 评分为 9.8（最高分为 10 分），因此IT之家推荐使用上述两款软件的网友尽快升级。QNAP 尚未透露有关该漏洞的任何进一步细节。根据 ...</p>\n\n<a href=\"https://tech.ifeng.com/c/8N3BC5x90JI\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":null,"symbol_name":null,"start_time":0,"source_url":"https://tech.ifeng.com/c/8N3BC5x90JI","article_id":"2308089702","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2308089702","pubTimestamp":1675234405,"columns":[],"sourceInfo":{"source_id":"fenghuang_stock","name":"凤凰网"},"weMediaInfo":null,"summary":"IT之家 2 月 1 日消息，NAS 厂商威联通 近日发布安全公告，表示 QTS 5.0.1 和 QuTS hero h5.0.1 两款软件存在严重漏洞 CVE-2022-27596，允许攻击者在固件中植入恶意代码。QNAP 尚未透露有关该漏洞的任何进一步细节。Censys 安全研究人员的一份报告进一步指出，在网上发现的 60000 多台 QNAP NAS 设备中，只有大约 550 台打了补丁。","collect":0,"end_time":0,"defaultTopTitle":"ifeng.com","property":[],"viewcount":null,"language":"zh","relate_stocks":{},"translate_title":"At least 29,000 devices are affected. Unicom announced that QTS and QuTS hero have serious vulnerabilities","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"QTS":1},"content_text":"IT之家 2 月 1 日消息，NAS 厂商威联通（QNAP）近日发布安全公告，表示 QTS 5.0.1 和 QuTS hero h5.0.1 两款软件存在严重漏洞 CVE-2022-27596，允许攻击者在固件中植入恶意代码。该漏洞在 CVSS v3 评分为 9.8（最高分为 10 分），因此IT之家推荐使用上述两款软件的网友尽快升级。QNAP 尚未透露有关该漏洞的任何进一步细节。根据 Bleeping Computer 报道，漏洞 CVE-2022-27596 被归类为“SQL 命令中不当使用特殊元素”（SQL 注入）。运行以下软件版本的设备会受到影响：QTS 5.xQuTS hero h5.x威联通已经修复了上述漏洞，推荐用户升级到：QTS 5.0.1.2234 build 20221201 及更高版本QuTS hero h5.0.1.2248 build 20221215 及更高版本Bleeping Computer 在报告中指出，至少超过 29000 台设备受到影响。Censys 安全研究人员的一份报告进一步指出，在网上发现的 60000 多台 QNAP NAS 设备中，只有大约 550 台打了补丁。","kind":"news","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}