Security ID : QSA-23-08

Vulnerability in QVR Pro Client


  • Release date : September 8, 2023

  • CVE identifier : CVE-2022-27599

  • Affected products: QVR Pro Client 2.3

Severity

Moderate

Status

Resolved


Summary

An insertion of sensitive information into log file vulnerability has been reported to affect QVR Pro Client. If exploited, the vulnerability could provide local authenticated administrators with a less-protected path to acquire information via unspecified vectors.

We have already fixed the vulnerability in the following version:

  • QVR Pro Client 2.3.0.0420 and later

Recommendation

To secure your device, we recommend regularly updating your system and applications to their latest versions to benefit from vulnerability fixes. 

Updating QVR Pro Client

To download the latest version of QVR Pro Client for your operating system, please visit https://www.qnap.com/en/utilities/surveillance/.

Attachment

Acknowledgements: Runzi Zhao, Security Researcher, QI-ANXIN

Revision History:
V1.0 (September 08, 2023) - Published

仕様を選択

      もっと見る 閉じる

      当ページを他の国/地域で見る:

      気軽にお問い合わせ! show inquiry button
      open menu
      back to top