← Back

CVE-2022-27595

nvd nist
Published: Dec 19, 2024Modified: Dec 8, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: security@qnapsecurity.com.tw (Secondary)

Description

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later

Affected (1)

Products: Qnap: Qvpn
Qnap
1 product
Qvpn
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qvpn
Before 2.0.0.1316

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (1)

Source: security@qnapsecurity.com.tw
Vendor Advisory

Timeline

No history available yet.