CVE-2022-27600

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-23-09	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:qts:4.5.4.2280:-::::::
	cpe:2.3:o:qnap:qts:5.0.1.2277:-::::::
	cpe:2.3:o:qnap:quts_hero::::::::
	cpe:2.3:o:qnap:quts_hero::::::::
	cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:-::::::
	cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:-::::::
	cpe:2.3:o:qnap:qutscloud::::::::

History

No history.

Information

Published : 2024-12-19 02:15

Updated : 2025-12-08 18:46

NVD link : CVE-2022-27600

Mitre link : CVE-2022-27600

CVE.ORG link : CVE-2022-27600

JSON object : View

Products Affected

qnap

quts_hero
qutscloud
qts

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2022-27600", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-12-19T02:15:21.493", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-23-09", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2277 and later\nQTS 4.5.4.2280 build 20230112 and later\nQuTS hero h5.0.1.2277 build 20230112 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de consumo de recursos no controlado que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos lanzar un ataque de denegaci\u00f3n de servicio (DoS). Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2277 y posteriores QTS 4.5.4.2280 compilaci\u00f3n 20230112 y posteriores QuTS hero h5.0.1.2277 compilaci\u00f3n 20230112 y posteriores QuTS hero h4.5.4.2374 compilaci\u00f3n 20230417 y posteriores QuTScloud c5.0.1.2374 y posteriores"}], "lastModified": "2025-12-08T18:46:12.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8AD45E6-84F4-4DF9-97DC-756A91663F37", "versionEndExcluding": "4.5.4.2280", "versionStartIncluding": "4.5.1"}, {"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AA5C12D-3EC1-4C42-9BD2-6AF7EF9C7839", "versionEndExcluding": "5.0.1.2277", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:o:qnap:qts:4.5.4.2280:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B25EACFE-773F-425A-8C72-BED2DE74A387"}, {"criteria": "cpe:2.3:o:qnap:qts:5.0.1.2277:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A95B797-6654-4554-852E-C37BFEA297F7"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D9BB786-1499-4712-AA8C-D02229E6A0F8", "versionEndExcluding": "h4.5.4.2374", "versionStartIncluding": "h4.5.1"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACC27F41-ACBE-4E71-9F5E-124F10FEB34F", "versionEndExcluding": "h5.0.1.2277", "versionStartIncluding": "h5.0"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8229FDFE-B687-4F57-BC98-EE87BAACBDE8"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C1F10D3-A5C8-438D-A21C-E02093E865C8"}, {"criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D181AEB2-3832-4D06-AFE8-FB7CA5AEC815", "versionEndExcluding": "c5.0.1.2374", "versionStartIncluding": "c5.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@qnapsecurity.com.tw"}