Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
Western Digital Mycloud Nas 2.11.142
9.8
CVSSv3
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
Western Digital Mycloud Nas 2.11.142
1 Metasploit module
NA
CVE-2008-0804
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote malicious users to execute arbitrary PHP code via a URL in the name parameter.
Thecus N5200pro Nas Server Control Panel
1 EDB exploit
9.8
CVSSv3
CVE-2013-6924
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote malicious users to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
Seagate Blackarmor Nas 220 Firmware Sg2000-2000.1331
2 EDB exploits
7.5
CVSSv3
CVE-2023-39620
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote malicious user to obtain sensitive information via the guest account function.
Buffalo Terastation Nas 5410r Firmware 5.00-0.07
9.8
CVSSv3
CVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
Starwind Command Center 6864
Starwind San&nas 1578
NA
CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote malicious users to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely...
Raidsonic Icy Box Nas 2.3.2.ib.2.rs.1
6.1
CVSSv3
CVE-2018-12099
Grafana prior to 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Grafana Grafana
Netapp Active Iq Performance Analytics Services -
Netapp Storagegrid Webscale Nas Bridge -
NA
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote malicious users to obtain web-server login access via unspecified vectors.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Surveillance Station Pro -
Qnap Nas -
NA
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
Qnap Surveillance Station Pro -
Qnap Nas -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »