QNAP has released security updates and workarounds to patch nine security vulnerabilities (CVE-2022-27588, CVE-2021-38693, CVE-2021-44055, CVE-2021-44056, CVE-2021-44057, CVE-2021-44051, CVE-2021-44052, CVE-2021-44053, CVE-2021-44054) affecting its network-attached storage (NAS) devices and QVR video surveillance solution. An attacker could exploit these vulnerabilities to compromise the security of the system, run arbitrary commands, traverse the file system to unintended locations, inject malicious code, redirect users to an untrusted page and access sensitive data.

More information on vulnerabilities and updates is available in QNAP security advisories:

• QSA-22-07
• QSA-22-13
• QSA-22-14
• QSA-22-15
• QSA-22-16