Search
Find a vulnerability
Search criteria
2 vulnerabilities found for qvr_smart_client by qnap
CVE-2022-27592 (GCVE-0-2022-27592)
Vulnerability from nvd – Published: 2024-09-06 16:26 – Updated: 2024-09-06 17:49
VLAI
EPSS
VEX
Title
QVR Smart Client
Summary
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.
We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QVR Smart Client |
Affected:
2.4.x.x , < 2.4.0.0570
(custom)
|
|
| qnap | qvr_smart_client |
Affected:
2.4.0 , < 2.4.0.0570
(custom)
cpe:2.3:a:qnap:qvr_smart_client:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qnap:qvr_smart_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "qvr_smart_client",
"vendor": "qnap",
"versions": [
{
"lessThan": "2.4.0.0570",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T17:48:08.561221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:49:51.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 10 SP1",
"Windows 11",
"Mac OS",
"and Mac M1"
],
"product": "QVR Smart Client",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.4.0.0570",
"status": "affected",
"version": "2.4.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Runzi Zhao, Security Researcher, QI-ANXIN"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later\u003cbr\u003e"
}
],
"value": "An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T16:26:41.790Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-22"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later"
}
],
"source": {
"advisory": "QSA-24-22",
"discovery": "EXTERNAL"
},
"title": "QVR Smart Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2022-27592",
"datePublished": "2024-09-06T16:26:41.790Z",
"dateReserved": "2022-03-21T22:02:33.325Z",
"dateUpdated": "2024-09-06T17:49:51.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27592 (GCVE-0-2022-27592)
Vulnerability from cvelistv5 – Published: 2024-09-06 16:26 – Updated: 2024-09-06 17:49
VLAI
EPSS
VEX
Title
QVR Smart Client
Summary
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.
We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QVR Smart Client |
Affected:
2.4.x.x , < 2.4.0.0570
(custom)
|
|
| qnap | qvr_smart_client |
Affected:
2.4.0 , < 2.4.0.0570
(custom)
cpe:2.3:a:qnap:qvr_smart_client:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qnap:qvr_smart_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "qvr_smart_client",
"vendor": "qnap",
"versions": [
{
"lessThan": "2.4.0.0570",
"status": "affected",
"version": "2.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T17:48:08.561221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T17:49:51.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 10 SP1",
"Windows 11",
"Mac OS",
"and Mac M1"
],
"product": "QVR Smart Client",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.4.0.0570",
"status": "affected",
"version": "2.4.x.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Runzi Zhao, Security Researcher, QI-ANXIN"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later\u003cbr\u003e"
}
],
"value": "An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later"
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T16:26:41.790Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-24-22"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later\u003cbr\u003e"
}
],
"value": "We have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later"
}
],
"source": {
"advisory": "QSA-24-22",
"discovery": "EXTERNAL"
},
"title": "QVR Smart Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2022-27592",
"datePublished": "2024-09-06T16:26:41.790Z",
"dateReserved": "2022-03-21T22:02:33.325Z",
"dateUpdated": "2024-09-06T17:49:51.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}