QVR Pro Client
CVE-2022-27599

6.7MEDIUM

Key Information:

Vendor: QNAP
Status: Qvr Pro Client
Vendor: CVE Published:; 8 September 2023

Summary

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.

We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

Affected Version(s)

QVR Pro Client Windows 10 SP1 2.3.*.* < 2.3.0.0420

References

https://www.qnap.com/en/security-advisory/qsa-23-08

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 8, 2023
Vulnerability Reserved
Mar 21, 2022

Credit

Runzi Zhao, Security Researcher, QI-ANXIN