Multiple vulnerabilities in QNAP devices running Samba
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-3437 CVE-2022-3592 |
| CWE-ID | CWE-122 CWE-61 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
QuTScloud Operating systems & Components / Operating system QVP (QVR Pro appliances) Hardware solutions / Firmware QuTS hero Hardware solutions / Firmware QVR Client/Desktop applications / Other client software QNAP QTS Server applications / File servers (FTP/HTTP) |
| Vendor | QNAP Systems, Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU68701
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-3437
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsQuTScloud: All versions
QVP (QVR Pro appliances): All versions
QVR: All versions
QuTS hero: before h5.0.1.2348 build 20230324
QNAP QTS: before 5.0.1.2346 20230322
CPE2.3- cpe:2.3:o:qnap_systems:qutscloud:*:*:*:*:*:*:*:*
- cpe:2.3:h:qnap_systems:qvp_qvr_pro_appliances:*:*:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qvr:*:*:*:*:*:*:*:*
- cpe:2.3:h:qnap_systems:quts-hero:*:*:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:*:*:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/qsa-23-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) UNIX symbolic link following
EUVDB-ID: #VU68700
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-3592
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks to files outside of the smbd configured share path and access otherwise restricted files on the server.
Install update from vendor's website.
Vulnerable software versionsQuTScloud: All versions
QVP (QVR Pro appliances): All versions
QVR: All versions
QuTS hero: before h5.0.1.2348 build 20230324
QNAP QTS: before 5.0.1.2346 20230322
CPE2.3- cpe:2.3:o:qnap_systems:qutscloud:*:*:*:*:*:*:*:*
- cpe:2.3:h:qnap_systems:qvp_qvr_pro_appliances:*:*:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qvr:*:*:*:*:*:*:*:*
- cpe:2.3:h:qnap_systems:quts-hero:*:*:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/qsa-23-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
