Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qnap nas - vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2009-3279
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.
Qnap Ts-639 Pro Turbo Nas 3.1.1 0815
Qnap Ts-639 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 3.1.0 0627
Qnap Ts-239 Pro Turbo Nas 3.1.1 0815
5.9
CVSSv2
CVE-2009-3200
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this ...
Qnap Ts-239 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 3.1.1 0815
Qnap Ts-239 Pro Turbo Nas 3.1.1 0815
Qnap Ts-639 Pro Turbo Nas 2.1.7 0613
5
CVSSv2
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote malicious users to obtain web-server login access via unspecified vectors.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Surveillance Station Pro -
Qnap Nas -
6.5
CVSSv2
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Nas -
Qnap Surveillance Station Pro -
1 EDB exploit
4.3
CVSSv2
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to inject arbitrary web script or HTML.
Qnap Nas Proxy Server
6.8
CVSSv2
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Qnap Nas Proxy Server
10
CVSSv2
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to run arbitrary OS commands against the system with root privileges.
Qnap Nas Proxy Server
5
CVSSv2
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
Qnap Nas Proxy Server
7.5
CVSSv2
CVE-2020-2509
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows malicious users to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 ...
Qnap Qts 4.3.4.0387
Qnap Qts 4.3.4.0370
Qnap Qts 4.3.4.0372
Qnap Qts 4.3.4.0374
Qnap Qts 4.3.4.0358
Qnap Qts 4.3.4.0604
Qnap Qts 4.3.4.0597
Qnap Qts 4.3.4.0593
Qnap Qts 4.3.4.0569
Qnap Qts 4.3.4.0561
Qnap Qts 4.3.4.0516
Qnap Qts 4.3.4.0526
Qnap Qts 4.3.4.0551
Qnap Qts 4.3.4.0557
Qnap Qts 4.3.6.1033
Qnap Qts 4.3.6.1013
Qnap Qts 4.3.6.0993
Qnap Qts 4.3.6.0979
Qnap Qts 4.3.6.0959
Qnap Qts 4.3.6.0944
Qnap Qts 4.3.6.0923
Qnap Qts 4.3.6.0907
1 Github repository
1 Article
NA
CVE-2024-21899
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions...
Qnap Qts 5.1.3.2578
Qnap Quts Hero H5.1.3.2578
Qnap Qts 4.5.4.2627
Qnap Quts Hero H4.5.4.2626
Qnap Qts
Qnap Qutscloud
Qnap Quts Hero
3 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »