{"vulnerability": "cve-2022-2759", "sightings": [{"uuid": "560e3689-14dd-4c20-b4a0-369e168b4268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "831fa3b1-2284-47f9-a8a7-b8338e5cd1af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27595", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113677066751702938", "content": "", "creation_timestamp": "2024-12-19T02:13:03.343888Z"}, {"uuid": "9a473914-767d-4a46-b403-99ce659a0585", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971707", "content": "", "creation_timestamp": "2024-12-24T20:33:04.063168Z"}, {"uuid": "c82bdeca-e102-42d5-a713-c05c320d96f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-10-31)", "content": "", "creation_timestamp": "2024-10-31T00:00:00.000000Z"}, {"uuid": "de4fa1df-7a77-4173-8524-269b8c91561d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-12-20)", "content": "", "creation_timestamp": "2024-12-20T00:00:00.000000Z"}, {"uuid": "f3f3fbd0-241e-4d29-b39c-fe14cb165f15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-27)", "content": "", "creation_timestamp": "2025-02-27T00:00:00.000000Z"}, {"uuid": "2161a6f5-be00-4174-a049-1af03cdff47e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:36.000000Z"}, {"uuid": "3918e496-49dd-4a96-a7c3-26e53ce8c8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-18)", "content": "", "creation_timestamp": "2025-05-18T00:00:00.000000Z"}, {"uuid": "4569a06c-017b-477d-9c81-b337838249c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-01)", "content": "", "creation_timestamp": "2025-07-01T00:00:00.000000Z"}, {"uuid": "138b1b59-6071-47d5-ab9c-a88263158d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-15)", "content": "", "creation_timestamp": "2025-04-15T00:00:00.000000Z"}, {"uuid": "7150e05a-42dd-4943-aa75-794f0b0e398d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-03)", "content": "", "creation_timestamp": "2025-06-03T00:00:00.000000Z"}, {"uuid": "c2d829e2-7037-4bcd-8a22-ba4d7c88a2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-02)", "content": "", "creation_timestamp": "2025-06-02T00:00:00.000000Z"}, {"uuid": "45025191-4e88-49b8-9e42-6170061ac933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-09)", "content": "", "creation_timestamp": "2025-05-09T00:00:00.000000Z"}, {"uuid": "1c0e9660-a6f9-4516-a908-7ddac9009964", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-05-20)", "content": "", "creation_timestamp": "2025-05-20T00:00:00.000000Z"}, {"uuid": "efe8ae7b-2ac6-4307-8772-686df8fa8587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-06)", "content": "", "creation_timestamp": "2025-06-06T00:00:00.000000Z"}, {"uuid": "e5fabe60-1864-4919-8424-0b9ec376778f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-04)", "content": "", "creation_timestamp": "2025-06-04T00:00:00.000000Z"}, {"uuid": "0a90d6db-61f1-428e-850c-56f7d9bef445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-21)", "content": "", "creation_timestamp": "2025-10-21T00:00:00.000000Z"}, {"uuid": "93ca26b0-8d79-4928-90e2-4563f2800e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-27)", "content": "", "creation_timestamp": "2025-10-27T00:00:00.000000Z"}, {"uuid": "e533360f-cd04-43ec-8ed7-97f89e7e185e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-11-20)", "content": "", "creation_timestamp": "2025-11-20T00:00:00.000000Z"}, {"uuid": "83d8fd57-8435-4168-af7b-1f20f81c98dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-10)", "content": "", "creation_timestamp": "2025-09-10T00:00:00.000000Z"}, {"uuid": "eeb1eeeb-419a-46a1-8699-6e07a2fe15b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-10-16)", "content": "", "creation_timestamp": "2025-10-16T00:00:00.000000Z"}, {"uuid": "e4d4e5bf-65e1-4f78-af51-16265f097892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-29)", "content": "", "creation_timestamp": "2025-09-29T00:00:00.000000Z"}, {"uuid": "49a9481a-92fd-4a32-b87a-5b3d3095fb17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-26)", "content": "", "creation_timestamp": "2025-08-26T00:00:00.000000Z"}, {"uuid": "22339ad8-64ac-45a8-aac2-2aa4c2348306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-06)", "content": "", "creation_timestamp": "2025-12-06T00:00:00.000000Z"}, {"uuid": "d3832890-26cb-4d6f-9338-067fa0cfbc30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-06)", "content": "", "creation_timestamp": "2026-02-06T00:00:00.000000Z"}, {"uuid": "871c67d6-62ae-4e61-aff5-dd6b8c06d89e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-12-31)", "content": "", "creation_timestamp": "2025-12-31T00:00:00.000000Z"}, {"uuid": "64ec0a9e-e1cd-40f1-ba27-a56a91f1d5a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-16)", "content": "", "creation_timestamp": "2026-03-16T00:00:00.000000Z"}, {"uuid": "9b3ebafb-cf7c-4fce-b901-38db7d69138c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a6f65fc1-c5c3-458c-83c7-dd8a71fd7b2a", "content": "", "creation_timestamp": "2026-02-02T12:27:13.688513Z"}, {"uuid": "e87fa202-8aec-4557-9341-27f59a94caed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "14b1001f-b865-4d89-b909-de15db5e9c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "6a6e3285-5485-4660-9f35-93820192ec5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4132", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-27593\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2022-09-08T11:15:19.503\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://www.qnap.com/en/security-advisory/qsa-22-24\n2. https://www.qnap.com/en/security-advisory/qsa-22-24", "creation_timestamp": "2025-02-12T21:07:40.000000Z"}, {"uuid": "4fbb0c42-df21-41b7-bf6c-a73ad2a180eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27595", "type": "seen", "source": "https://t.me/cvedetector/13303", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-27595 - QVPN Device Client Library Loading Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-27595 \nPublished : Dec. 19, 2024, 2:15 a.m. | 40\u00a0minutes ago \nDescription : An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. \n \nWe have already fixed the vulnerability in the following versions: \nQVPN Windows 2.0.0.1316 and later \nQVPN Windows 2.0.0.1310 and later \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T03:55:51.000000Z"}, {"uuid": "7c5767dd-8db7-40ed-aa27-5ebe38d219f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27598", "type": "seen", "source": "https://t.me/ctinow/103480", "content": "Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)\n\nhttps://ift.tt/QWjHhzx", "creation_timestamp": "2023-04-04T11:36:39.000000Z"}, {"uuid": "db2d3288-fbb9-49a4-a466-15e6701387e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27597", "type": "seen", "source": "https://t.me/ctinow/103480", "content": "Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)\n\nhttps://ift.tt/QWjHhzx", "creation_timestamp": "2023-04-04T11:36:39.000000Z"}, {"uuid": "de6f158c-eef0-4255-bd47-340385f1550d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27598", "type": "seen", "source": "https://t.me/ctinow/103450", "content": "Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)\n\nhttps://ift.tt/QWjHhzx", "creation_timestamp": "2023-04-04T07:07:04.000000Z"}, {"uuid": "8ee6cb76-6395-4a34-9bde-ec2010e3f17c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27597", "type": "seen", "source": "https://t.me/ctinow/103450", "content": "Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)\n\nhttps://ift.tt/QWjHhzx", "creation_timestamp": "2023-04-04T07:07:04.000000Z"}, {"uuid": "16feb8a5-02e8-4640-a88d-8694ee92be52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/ctinow/90842", "content": "Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw\n\nhttps://ift.tt/hVrJkv3", "creation_timestamp": "2023-02-02T07:46:37.000000Z"}, {"uuid": "d55760c1-55a7-4126-85bf-3eae897faf2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/ctinow/90388", "content": "Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)\n\nhttps://ift.tt/O8q6lrs", "creation_timestamp": "2023-01-31T18:56:44.000000Z"}, {"uuid": "743b94e1-f55d-46f2-85ee-96c22967cf5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "https://t.me/ctinow/63043", "content": "Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)\n\nhttps://ift.tt/vOByIQo", "creation_timestamp": "2022-09-12T15:41:46.000000Z"}, {"uuid": "9a904381-24f8-4b79-a44d-34bedcc1ef21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "https://t.me/arpsyndicate/925", "content": "#ExploitObserverAlert\n\nCVE-2022-27593\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-27593. An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later\n\nFIRST-EPSS: 0.442450000\nNVD-IS: 5.2\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T11:52:27.000000Z"}, {"uuid": "9c2cb944-d8be-4590-bbdc-7a94697e0090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27598", "type": "seen", "source": "https://t.me/true_secator/4265", "content": "\u0415\u0441\u043b\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445, \u0442\u043e \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u0433\u0434\u0430 \u043f\u043e\u043c\u043d\u0438\u0442\u044c \u043e \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u043e\u043c \u043e\u043f\u044b\u0442\u0435 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 QNAP, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e 2022 \u0433\u043e\u0434 \u0441\u0442\u0430\u043b \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0439 \u043a\u0438\u0431\u0435\u0440\u0432\u043e\u0439\u043d\u043e\u0439 \u0441 ransomware.\n\n\u0420\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0431\u0430\u043d\u0434\u044b \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e Deadbolt, Checkmate \u0438 ech0raix, \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 NAS, \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 QNAP \u0443\u0441\u043f\u0435\u0432\u0430\u043b \u043b\u0430\u0442\u0430\u0442\u044c c \u0445\u043e\u0434\u0443. \n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Chainalysis, \u0432 2022 \u0433\u043e\u0434\u0443 \u0442\u043e\u043b\u044c\u043a\u043e Deadbolt \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0431\u043e\u043b\u0435\u0435 2,3 \u043c\u043b\u043d. \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0432 \u043f\u043e\u0440\u044f\u0434\u043a\u0435 5000 \u0436\u0435\u0440\u0442\u0432, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u0440\u0430\u0437\u043c\u0435\u0440 \u0432\u044b\u043a\u0443\u043f\u0430 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b 476 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432.\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 QNAP \u043d\u0435 \u0436\u0434\u0435\u0442 \u0441\u0442\u0440\u0430\u0439\u043a\u043e\u0432 \u0438 \u0432\u0435\u0434\u0443\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043d\u0430 \u043e\u043f\u0435\u0440\u0435\u0436\u0435\u043d\u0438\u0435. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0441\u0440\u043e\u0447\u043d\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CVE-2022-27597 \u0438 CVE-2022-27598, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Sternum \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0440\u0430\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0448\u0438\u0431\u043a\u0438 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u043e \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0438 \u043d\u0435\u043f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0443\u0435\u043c\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430.\u00a0\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 QNAP.\n\n\u0422\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u0435\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0434\u043b\u044f \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430\u0440\u0438\u0441\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0445\u043e\u0440\u043e\u0448\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0435\u043d\u043a\u0430, \u0435\u0441\u043b\u0438 \u0432\u0435\u0440\u0438\u0442\u044c \u043e\u0446\u0435\u043d\u043a\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435 Shodan, \u0431\u043e\u043b\u0435\u0435 80 000 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443 \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u043c\u0435\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0430 \u043e\u0431\u0440\u0430\u0442\u0438\u0432\u0448\u0438\u0441\u044c \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c Netlas \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0443\u0434\u0430 \u0431\u043e\u043b\u0435\u0435 \u043c\u0440\u0430\u0447\u043d\u0430\u044f \u043a\u0430\u0440\u0442\u0438\u043d\u0430 - 134 000.", "creation_timestamp": "2023-04-07T14:00:05.000000Z"}, {"uuid": "541df80c-c166-4934-9452-4c9d8e3f5f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27597", "type": "seen", "source": "https://t.me/true_secator/4265", "content": "\u0415\u0441\u043b\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445, \u0442\u043e \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0432\u0441\u0435\u0433\u0434\u0430 \u043f\u043e\u043c\u043d\u0438\u0442\u044c \u043e \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u043e\u043c \u043e\u043f\u044b\u0442\u0435 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445 QNAP, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e 2022 \u0433\u043e\u0434 \u0441\u0442\u0430\u043b \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0439 \u043a\u0438\u0431\u0435\u0440\u0432\u043e\u0439\u043d\u043e\u0439 \u0441 ransomware.\n\n\u0420\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0431\u0430\u043d\u0434\u044b \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e Deadbolt, Checkmate \u0438 ech0raix, \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 NAS, \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 QNAP \u0443\u0441\u043f\u0435\u0432\u0430\u043b \u043b\u0430\u0442\u0430\u0442\u044c c \u0445\u043e\u0434\u0443. \n\n\u0422\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Chainalysis, \u0432 2022 \u0433\u043e\u0434\u0443 \u0442\u043e\u043b\u044c\u043a\u043e Deadbolt \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0437\u0430\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u0431\u043e\u043b\u0435\u0435 2,3 \u043c\u043b\u043d. \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432, \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u0432 \u043f\u043e\u0440\u044f\u0434\u043a\u0435 5000 \u0436\u0435\u0440\u0442\u0432, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u0440\u0435\u0434\u043d\u0438\u0439 \u0440\u0430\u0437\u043c\u0435\u0440 \u0432\u044b\u043a\u0443\u043f\u0430 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b 476 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432.\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 QNAP \u043d\u0435 \u0436\u0434\u0435\u0442 \u0441\u0442\u0440\u0430\u0439\u043a\u043e\u0432 \u0438 \u0432\u0435\u0434\u0443\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u0443\u044e \u0440\u0430\u0431\u043e\u0442\u0443 \u043d\u0430 \u043e\u043f\u0435\u0440\u0435\u0436\u0435\u043d\u0438\u0435. \u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0430 \u043e \u0441\u0440\u043e\u0447\u043d\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 CVE-2022-27597 \u0438 CVE-2022-27598, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 Sternum \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0447\u0435\u0442\u044b\u0440\u0435 \u0440\u0430\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u0434\u043b\u044f \u0434\u0432\u0443\u0445 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043e\u0448\u0438\u0431\u043a\u0438 \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b.\n\n\u041e\u0448\u0438\u0431\u043a\u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441\u043e \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0438 \u043d\u0435\u043f\u0440\u0435\u0434\u0441\u043a\u0430\u0437\u0443\u0435\u043c\u043e\u0435 \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430.\u00a0\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 QNAP.\n\n\u0422\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0430\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0430\u043a\u0442\u0438\u0432\u043d\u0435\u0439 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443.\n\n\u0422\u0435\u043c \u0432\u0440\u0435\u043c\u0435\u043d\u0435\u043c, \u0434\u043b\u044f \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u043d\u0430\u0440\u0438\u0441\u043e\u0432\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0445\u043e\u0440\u043e\u0448\u0430\u044f \u0440\u0430\u0431\u043e\u0442\u0435\u043d\u043a\u0430, \u0435\u0441\u043b\u0438 \u0432\u0435\u0440\u0438\u0442\u044c \u043e\u0446\u0435\u043d\u043a\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435 Shodan, \u0431\u043e\u043b\u0435\u0435 80 000 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443 \u0432\u0441\u0435 \u0435\u0449\u0435 \u0438\u043c\u0435\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0430 \u043e\u0431\u0440\u0430\u0442\u0438\u0432\u0448\u0438\u0441\u044c \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c Netlas \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0443\u0434\u0430 \u0431\u043e\u043b\u0435\u0435 \u043c\u0440\u0430\u0447\u043d\u0430\u044f \u043a\u0430\u0440\u0442\u0438\u043d\u0430 - 134 000.", "creation_timestamp": "2023-04-07T14:00:05.000000Z"}, {"uuid": "5856fcda-12e8-49a7-af9a-278f16ed8e27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/true_secator/4010", "content": "\u0412 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0433\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u043c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c QNAP \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 SQL-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2022-27596) \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9,8 \u043d\u0430\u0441 \u0442\u0443\u0442 \u0441\u043f\u0440\u0430\u0432\u0435\u0434\u043b\u0438\u0432\u043e \u0441\u043f\u0440\u0430\u0448\u0438\u0432\u0430\u044e\u0442 \u0447\u0438\u0442\u0430\u0442\u0435\u043b\u0438: \u043d\u0443 \u043a\u0430\u043a\u043e\u0439 \u043a\u0440\u0435\u0442\u0438\u043d \u0432\u044b\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 NAS \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442?\n\n\u041d\u043e \u043e\u0442\u0432\u0435\u0442 \u0432\u0440\u044f\u0434 \u043b\u0438 \u043f\u043e\u0440\u0430\u0434\u0443\u0435\u0442: 67 415 NAS-\u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 QNAP \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Censys, \u043f\u0440\u0438\u0447\u0435\u043c \u0438\u0437 \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 30 520 \u0445\u043e\u0441\u0442\u043e\u0432 \u0431\u043e\u043b\u0435\u0435 98% \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c CVE-2022-27596.\n\n\u041a\u0430\u043a \u043c\u044b \u0443\u0436\u0435 \u043e\u0442\u043c\u0435\u0447\u0430\u043b\u0438, \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u0445 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438, \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041a \u0441\u0447\u0430\u0441\u0442\u044c\u044e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0435\u0449\u0435 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u0430 PoC \u0435\u0449\u0435 \u043d\u0435 \u043f\u043e\u044f\u0432\u0438\u043b\u0441\u044f \u0432 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435, \u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0435\u0449\u0435 \u0435\u0441\u0442\u044c \u0432\u0440\u0435\u043c\u044f, \u0447\u0442\u043e\u0431\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 NAS.\n\n\u0412\u0430\u043d\u0433\u0443\u0435\u043c, \u0447\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u0435 \u0436\u0435\u0440\u0442\u0432\u044b \u0430\u0442\u0430\u043a \u043f\u043e\u044f\u0432\u044f\u0442\u0441\u044f \u0435\u0449\u0435 \u0434\u043e \u0432\u044b\u0445\u043e\u0434\u0430 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 DeadBolt \u0438 eCh0raix \u0443\u0436\u0435 \u043d\u0435 \u0440\u0430\u0437 \u044d\u0442\u043e \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0438.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c NAS \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c\u0438, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u043a \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0443, \u043f\u0440\u0438\u043d\u044f\u0442\u044c \u043c\u0435\u0440\u044b \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0438\u0445 \u043e\u0442 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0430\u0442\u0430\u043a, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u0438 \u043f\u043e\u0440\u0442\u043e\u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u0438 UPnP QNAP NAS.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f SSH \u0438 Telnet, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043d\u043e\u043c\u0435\u0440 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u043e\u0440\u0442\u0430, \u043f\u0430\u0440\u043e\u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0438 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a IP-\u0430\u0434\u0440\u0435\u0441\u0443 \u0438 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438, \u0441\u043b\u0435\u0434\u0443\u044f \u044d\u0442\u0438\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f\u043c.", "creation_timestamp": "2023-02-01T11:31:35.000000Z"}, {"uuid": "bd872345-bc32-47eb-860c-ff101ea922ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/true_secator/4004", "content": "\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c QNAP \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0432\u0430\u0436\u0434\u044b \u043a\u0438\u043d\u0443\u043b \u0441\u0432\u043e\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0431\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e - \u0432 \u0440\u0443\u043a\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 DeadBolt \u0438 eCh0raix, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 NAS \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c 0-day, \u043f\u043e\u043a\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0431\u0443\u043a\u0441\u043e\u0432\u0430\u043b \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c.\n\n\u0420\u0435\u0448\u0438\u0432 \u0432\u0441\u0435 \u0436\u0435 \u0432 \u043d\u043e\u0432\u043e\u043c \u0433\u043e\u0434\u0443 \u043d\u0435 \u043d\u0430\u0441\u0442\u0443\u043f\u0430\u0442\u044c \u043d\u0430 \u0442\u0435 \u0436\u0435 \u0433\u0440\u0430\u0431\u043b\u0438, QNAP \u0440\u0435\u0448\u0438\u043b\u0430 \u043e\u043f\u0435\u0440\u0435\u0434\u0438\u0442\u044c \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u0443\u044e \u0432\u043e\u043b\u043d\u0443 ransomware, \u043f\u0440\u0438\u0437\u044b\u0432\u0430\u0432 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f QTS \u0438 QuTS, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\nCVE-2022-27596 \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS v3: 9,8 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u041e\u0421 QTS 5.0.1 \u0438 QuTS hero h5.0.1, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u043d\u0435\u0434\u0440\u044f\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 QNAP NAS.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u043b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0438\u043b\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u0445 \u0435\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043d\u043e\u00a0\u0441\u043e\u0433\u043b\u0430\u0441\u043d\u043e NIST, \u043e\u0448\u0438\u0431\u043a\u0430 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, QNAP \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 JSON, \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0449\u0438\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0438\u0437\u043a\u043e\u0439 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u043c\u0438 \u0432\u043c\u0435\u0448\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u043b\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\u0412 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 QNAP \u043d\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0430 CVE-2022-27596 \u043a\u0430\u043a \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0443\u044e \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\n\u0412 \u0441\u0438\u043b\u0443 \u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f: QTS 5.0.1.2234 \u0441\u0431\u043e\u0440\u043a\u0430 20221201 \u0438 QuTS hero h5.0.1.2248 \u0441\u0431\u043e\u0440\u043a\u0438 20221215 (\u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0435).\n\n\u041d\u043e, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u00ab\u043d\u0430\u0442\u0440\u0435\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c\u00bb \u0435\u0449\u0435 \u0441 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c QNAP NAS \u043d\u0430\u043f\u043e\u043c\u0438\u043d\u0430\u043d\u0438\u044f \u0432 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f.", "creation_timestamp": "2023-01-31T11:05:10.000000Z"}, {"uuid": "1a2b1277-5408-4865-bda4-c0eda58c7305", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27599", "type": "seen", "source": "https://t.me/cibsecurity/70127", "content": "\u203c CVE-2022-27599 \u203c\n\nAn insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.We have already fixed the vulnerability in the following version:Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-08T07:19:19.000000Z"}, {"uuid": "fad19c25-81ce-4637-b02f-1c31da4b857e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/cibsecurity/57398", "content": "\ud83d\udd74 Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter \ud83d\udd74\n\nAnalysts find that 98% of QNAP NAS are vulnerable to CVE-2022-27596, which allows unauthenticated, remote SQL code injection.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading\".", "creation_timestamp": "2023-02-02T17:20:47.000000Z"}, {"uuid": "8ed0e9b6-b165-464d-b6b8-8d5aad5e84f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/cibsecurity/57141", "content": "\u203c CVE-2022-27596 \u203c\n\nA vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-30T07:36:52.000000Z"}, {"uuid": "44d66050-394b-46d6-8a43-506fde9566c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "seen", "source": "https://t.me/cibsecurity/49451", "content": "\u203c CVE-2022-27593 \u203c\n\nAn externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-12T17:30:13.000000Z"}, {"uuid": "66206357-3070-4482-b77e-a2b4f99ef07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2759", "type": "seen", "source": "https://t.me/cibsecurity/49116", "content": "\u203c CVE-2022-2759 \u203c\n\nDelta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-31T20:37:06.000000Z"}, {"uuid": "a0da9023-3702-4e69-b5f8-ce9bf350b6f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27596", "type": "seen", "source": "https://t.me/thehackernews/3005", "content": "Don't risk losing your data!\n\nQNAP has released security updates to address a critical vulnerability (CVE-2022-27596 / CVSS 9.8) in the NAS devices QTS 5.0.1 &amp; QuTS hero h5.0.1 that can be used to inject arbitrary code.\n\nRead: https://thehackernews.com/2023/01/qnap-fixes-critical-vulnerability-in.html", "creation_timestamp": "2023-01-31T05:13:36.000000Z"}, {"uuid": "d760caa8-85c0-4f72-90c2-4da961c0a96d", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/00245bed-de9d-4863-b7f3-16688bbd9034", "content": "", "creation_timestamp": "2026-06-19T12:47:04.506923Z"}, {"uuid": "1e050cd8-11af-4dea-b2ff-cf02e1b932a2", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1d95935f-3da7-4c2b-9bd6-3008f9b5b65e", "content": "", "creation_timestamp": "2026-06-23T14:05:32.850080Z"}, {"uuid": "43a6d0f2-615e-4420-a7df-9fd227b1efee", "vulnerability_lookup_origin": "c8fb6bf1-f81f-4cb8-95b1-eadbb3b54ee8", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-27593", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/456bc5b2-a7d9-4963-b1ea-e2e3c4d9948d", "content": "", "creation_timestamp": "2026-06-30T09:23:31.199063Z"}]}