Headline
CVE-2022-27599: Vulnerability in QVR Pro Client - Security Advisory
An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.
We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later
<< Back to Security Advisory List
- Release date: September 8, 2023
- Security ID: QSA-23-08
- Severity: Medium
- CVE identifier: CVE-2022-27599
- Affected products: QVR Pro Client 2.3
- Status: Resolved
Summary
An insertion of sensitive information into log file vulnerability has been reported to affect QVR Pro Client. If exploited, the vulnerability could provide local authenticated administrators with a less-protected path to acquire information via unspecified vectors.
We have already fixed the vulnerability in the following version:
- QVR Pro Client 2.3.0.0420 and later
Recommendation
To secure your device, we recommend regularly updating your system and applications to their latest versions to benefit from vulnerability fixes.
Updating QVR Pro Client
To download the latest version of QVR Pro Client for your operating system, please visit https://www.qnap.com/en/utilities/surveillance/.
Attachment
- CVE-2022-27599.json
Acknowledgements: Runzi Zhao, Security Researcher, QI-ANXIN
Revision History:
V1.0 (September 08, 2023) - Published