Unauthorized Code Execution Vulnerability Affects QVR Smart Client

CVE-2022-27592

6.7MEDIUM

Key Information

Vendor: QNAP
Status: Qvr Smart Client
Vendor: CVE Published:; 6 September 2024

Summary

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later

Affected Version(s)

QVR Smart Client < 2.4.0.0570

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 6, 2024
Vulnerability Reserved.
Mar 21, 2022

Collectors

NVD DatabaseMitre Database

Credit

Runzi Zhao, Security Researcher, QI-ANXIN