Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14839
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
Lg N1a1 Firmware 3718.510
9.8
CVSSv3
CVE-2018-12295
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows malicious users to execute arbitrary SQL commands via the dirId URL parameter.
Seagate Nas Os 4.3.15.1
9.8
CVSSv3
CVE-2018-14699
System command injection in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the "username" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
1 Github repository
9.8
CVSSv3
CVE-2018-14706
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the payload in a POST request.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14709
Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows malicious users to bypass authentication due to insecure token generation.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14701
System command injection in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the "username" URL parameter.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14703
Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to retrieve the MySQL database root password.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14708
An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows malicious users to intercept network traffic.
Drobo 5n2 Firmware 4.0.5-13.28.96115
9.8
CVSSv3
CVE-2018-14746
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and previous versions versions could allow remote malicious users to run arbitrary commands on the NAS.
Qnap Qts 4.3.5
Qnap Qts 4.3.4
Qnap Qts 4.3.3
Qnap Qts 4.2.6
9.8
CVSSv3
CVE-2018-14749
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and previous versions versions could have unspecified impact on the NAS.
Qnap Qts 4.3.5
Qnap Qts 4.3.4
Qnap Qts 4.3.3
Qnap Qts 4.2.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »