CVE-2022-27593CISA KEVEPSS p99.7%

CVE-2022-27593QNAP Photo Station Externally Controlled Reference Vulnerability

QNAP / Photo Station

Description

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Scoring

EPSS87.91% probability of exploitation · percentile 99.7% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2022-09-08

(incoming)1

TypeTargetConfidenceTier
KEVEntryQNAP Photo Station Externally Controlled Reference Vulnerabilitykev-cve-2022-275930%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
QNAP Photo Station Path Traversal Vulnerability
CVE
QNAP Photo Station Improper Access Control Vulnerability
CVE
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
CVE
QNAP NAS File Station Command Injection Vulnerability
CVE
QNAP VioStor NVR OS Command Injection Vulnerability
CVE
QNAP Helpdesk Improper Access Control Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.