Search

Security ID : QSA-23-04

Vulnerability in QVPN Device Client for Windows

  • Release date : July 28, 2023

  • CVE identifier : CVE-2022-27595

  • Affected products: QVPN Device Client for Windows

Severity

Important

Status

Resolved

Summary

An insecure library loading vulnerability has been reported to affect devices running QVPN Device Client for Windows. If exploited, this vulnerability allows local authenticated users to execute code through insecure library loading.

We have already fixed the vulnerability in the following versions:

  • QVPN Device Client for Windows, version 2.0.0.1316 and later 

QVPN Device Client for macOS, Android, and iOS are not affected.

Recommendation

To secure your device, we recommend regularly updating your QNAP utilities to the latest versions to benefit from vulnerability fixes. You can check the QNAP Utilities page to see the latest updates available to your device operating system.

Attachment

Acknowledgements: Runzi Zhao, Security Researcher, QI-ANXIN

Revision History:
V1.0 (July 28, 2023) - Published

Chọn thông số kỹ thuật

      Xem thêm Thu gọn

      Choose Your Country or Region

      open menu
      back to top