Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2022-20210
The UE and the EMM communicate with each other using NAS messages. When a new NAS message arrives from the EMM, the modem parses it and fills in internal objects based on the received data. A bug in the parsing code could be used by an malicious user to remotely crash the modem, ...
Google Android -
1 Article
10
CVSSv2
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that wi...
Starwindsoftware Nas
Starwindsoftware San
10
CVSSv2
CVE-2021-28809
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows malicious users to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions o...
Qnap Hybrid Backup Sync
10
CVSSv2
CVE-2020-27744
An issue exists on Western Digital My Cloud NAS devices prior to 5.04.114. They allow remote code execution with resultant escalation of privileges.
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2020-27158
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices before 5.04.114.
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2020-27159
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices before 5.04.114
Westerndigital My Cloud Firmware
10
CVSSv2
CVE-2020-9054
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated malicious user to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve a...
Zyxel Nas326 Firmware
Zyxel Nas520 Firmware
Zyxel Nas540 Firmware
Zyxel Nas542 Firmware
Zyxel Atp100 Firmware
Zyxel Atp200 Firmware
Zyxel Atp500 Firmware
Zyxel Atp800 Firmware
Zyxel Usg20-vpn Firmware
Zyxel Usg20w-vpn Firmware
Zyxel Usg40 Firmware
Zyxel Usg40w Firmware
Zyxel Usg60 Firmware
Zyxel Usg60w Firmware
Zyxel Usg110 Firmware
Zyxel Usg210 Firmware
Zyxel Usg310 Firmware
Zyxel Usg1100 Firmware
Zyxel Usg1900 Firmware
Zyxel Usg2200 Firmware
Zyxel Vpn50 Firmware
Zyxel Vpn100 Firmware
1 Github repository
1 Article
10
CVSSv2
CVE-2019-2289
Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...
Qualcomm Apq8009 Firmware -
Qualcomm Apq8017 Firmware -
Qualcomm Apq8053 Firmware -
Qualcomm Apq8096au Firmware -
Qualcomm Apq8098 Firmware -
Qualcomm Mdm915 Firmware -
Qualcomm Mdm9205 Firmware -
Qualcomm Mdm9206 Firmware -
Qualcomm Mdm9607 Firmware -
Qualcomm Mdm9615 Firmware -
Qualcomm Mdm9625 Firmware -
Qualcomm Mdm9635m Firmware -
Qualcomm Mdm9640 Firmware -
Qualcomm Mdm9650 Firmware -
Qualcomm Mdm9655 Firmware -
Qualcomm Msm8905 Firmware -
Qualcomm Msm8909 Firmware -
Qualcomm Msm8909w Firmware -
Qualcomm Msm8917 Firmware -
Qualcomm Msm8920 Firmware -
Qualcomm Msm8937 Firmware -
Qualcomm Msm8940 Firmware -
10
CVSSv2
CVE-2018-18472
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, ...
Westerndigital My Book Live Firmware
1 Github repository
1 Article
10
CVSSv2
CVE-2018-14706
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated malicious users to execute system commands via the payload in a POST request.
Drobo 5n2 Firmware 4.0.5-13.28.96115
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »