Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nas vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv2
CVE-2009-3200
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create an undocumented recovery key and store it in the ENCK variable in flash memory, which allows local users to bypass the passphrase requirement and decrypt the hard drive by reading this ...
Qnap Ts-239 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 3.1.1 0815
Qnap Ts-239 Pro Turbo Nas 3.1.1 0815
Qnap Ts-639 Pro Turbo Nas 2.1.7 0613
4.9
CVSSv2
CVE-2009-3279
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack.
Qnap Ts-639 Pro Turbo Nas 3.1.1 0815
Qnap Ts-639 Pro Turbo Nas 3.1.0 0627
Qnap Ts-639 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 2.1.7 0613
Qnap Ts-239 Pro Turbo Nas 3.1.0 0627
Qnap Ts-239 Pro Turbo Nas 3.1.1 0815
5
CVSSv2
CVE-2021-26620
An improper authentication vulnerability leading to information leakage exists in iptime NAS2dual. Remote attackers are able to steal important information in the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changin...
Iptime Nas101 Firmware
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas3 Firmware
Iptime Nas4 Firmware
Iptime Nas4dual Firmware
Iptime Nas-i Firmware
Iptime Nas-ii Firmware
Iptime Nas-iie Firmware
5.2
CVSSv2
CVE-2020-7847
The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.
Iptime Nas-i Firmware
Iptime Nas-ii Firmware
Iptime Nas-iie Firmware
Iptime Nas101 Firmware
Iptime Nas1dual Firmware
Iptime Nas2dual Firmware
Iptime Nas3 Firmware
Iptime Nas4 Firmware
Iptime Nas4dual Firmware
5
CVSSv2
CVE-2002-1955
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote malicious users to perform a man-in-the-middle attack.
Iomega Nas A300u
NA
CVE-2022-4221
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated malicious user to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: up to and includin...
Asus Nas-m25 Firmware
10
CVSSv2
CVE-2012-2568
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote malicious users to change the administrator password via unspecified vectors.
Seagate Blackarmor Nas
5
CVSSv2
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows malicious users to read files within the application's container via a URL path.
Seagate Nas Os 4.3.15.1
5.8
CVSSv2
CVE-2018-12300
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows malicious users to disclose information in the Referer header via the 'state' URL parameter.
Seagate Nas Os 4.3.15.1
3.5
CVSSv2
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows malicious users to execute JavaScript via directory names.
Seagate Nas Os 4.3.15.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »