Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-3200
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this ...
Qnap Ts-239 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 3.1.1 0815
Qnap Ts-239 Pro Turbo Nas 3.1.1 0815
Qnap Ts-639 Pro Turbo Nas 2.1.7 0613
NA
CVE-2009-3279
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.
Qnap Ts-639 Pro Turbo Nas 3.1.1 0815
Qnap Ts-639 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 3.1.0 0627
Qnap Ts-239 Pro Turbo Nas 3.1.1 0815
7.5
CVSSv3
CVE-2021-26620
An improper authentication vulnerability leading to information leakage exists in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changin...
Iptime Nas101 Firmware
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas3 Firmware
Iptime Nas4 Firmware
Iptime Nas4dual Firmware
Iptime Nas-i Firmware
Iptime Nas-ii Firmware
Iptime Nas-iie Firmware
8
CVSSv3
CVE-2020-7847
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Iptime Nas-i Firmware
Iptime Nas-ii Firmware
Iptime Nas-iie Firmware
Iptime Nas101 Firmware
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas3 Firmware
Iptime Nas4 Firmware
Iptime Nas4dual Firmware
NA
CVE-2002-1955
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote malicious users to perform a man-in-the-middle attack.
Iomega Nas A300u
9.8
CVSSv3
CVE-2022-4221
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated malicious user to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: up to and includin...
Asus Nas-m25 Firmware
NA
CVE-2012-2568
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote malicious users to change the administrator password via unspecified vectors.
Seagate Blackarmor Nas
8.8
CVSSv3
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Qnap Nas Proxy Server
6.1
CVSSv3
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to inject arbitrary web script or HTML.
Qnap Nas Proxy Server
9.8
CVSSv3
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to run arbitrary OS commands against the system with root privileges.
Qnap Nas Proxy Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »