Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-0144
Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote malicious users to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action.
Qnap Viostor Network Video Recorder 4.0.3
Qnap Viostor Network Video Recorder -
9.8
CVSSv3
CVE-2020-2509
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows malicious users to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 ...
Qnap Qts 4.3.4.0387
Qnap Qts 4.3.4.0370
Qnap Qts 4.3.4.0372
Qnap Qts 4.3.4.0374
Qnap Qts 4.3.4.0358
Qnap Qts 4.3.4.0604
Qnap Qts 4.3.4.0597
Qnap Qts 4.3.4.0593
Qnap Qts 4.3.4.0569
Qnap Qts 4.3.4.0561
Qnap Qts 4.3.4.0516
Qnap Qts 4.3.4.0526
Qnap Qts 4.3.4.0551
Qnap Qts 4.3.4.0557
Qnap Qts 4.3.6.1033
Qnap Qts 4.3.6.1013
Qnap Qts 4.3.6.0993
Qnap Qts 4.3.6.0979
Qnap Qts 4.3.6.0959
Qnap Qts 4.3.6.0944
Qnap Qts 4.3.6.0923
Qnap Qts 4.3.6.0907
1 Github repository
1 Article
9.8
CVSSv3
CVE-2024-3273
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The mani...
Dlink Dns-320l Firmware -
Dlink Dns-120 Firmware -
Dlink Dnr-202l Firmware -
Dlink Dns-315l Firmware -
Dlink Dns-320 Firmware -
Dlink Dns-320lw Firmware -
Dlink Dns-321 Firmware -
Dlink Dnr-322l Firmware -
Dlink Dns-323 Firmware -
Dlink Dns-325 Firmware -
Dlink Dns-326 Firmware -
Dlink Dns-327l Firmware -
Dlink Dnr-326 Firmware -
Dlink Dns-340l Firmware -
Dlink Dns-343 Firmware -
Dlink Dns-345 Firmware -
Dlink Dns-726-4 Firmware -
Dlink Dns-1100-4 Firmware -
Dlink Dns-1200-05 Firmware -
Dlink Dns-1550-04 Firmware -
8 Github repositories
2 Articles
9.8
CVSSv3
CVE-2021-28809
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows malicious users to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions o...
Qnap Hybrid Backup Sync
9.8
CVSSv3
CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, ...
Westerndigital My Book Live Firmware
1 Github repository
1 Article
9.8
CVSSv3
CVE-2018-11509
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an malicious user to login and upload a webshell.
Asustor Asustor Data Master 3.1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.
Asustor Asustor Data Master 3.1.0
1 EDB exploit
8.8
CVSSv3
CVE-2020-36197
An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows malicious users to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, eva...
Qnap Music Station
NA
CVE-2006-7243
PHP prior to 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent malicious users to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists...
Php Php 5.3.0
Php Php 4.0.3
Php Php 4.0.4
Php Php 4.0
Php Php 4.1.0
Php Php 4.2.2
Php Php 4.2.3
Php Php 4.3.2
Php Php 4.3.3
Php Php 4.4.1
Php Php 4.4.2
Php Php 4.4.9
Php Php 3.0.11
Php Php 3.0.18
Php Php 3.0.4
Php Php 3.0.8
Php Php 3.0.5
Php Php 5.2.12
Php Php 5.2.10
Php Php 5.2.8
Php Php 5.2.3
Php Php 5.2.4
2 Articles
4.7
CVSSv3
CVE-2024-21901
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/...
Qnap Qts 4.5.4.2627
Qnap Qts
Qnap Myqnapcloud
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »