Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

qnap vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv2
CVE-2017-17027
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices....
Qnap QtsQnap Qts 4.3.4.0358Qnap Qts 4.3.4.0370Qnap Qts 4.3.4.0372Qnap Qts 4.3.4.0374Qnap Qts 4.3.4.0387
7.5
CVSSv2
CVE-2017-17028
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices....
Qnap QtsQnap Qts 4.3.4.0358Qnap Qts 4.3.4.0370Qnap Qts 4.3.4.0372Qnap Qts 4.3.4.0374Qnap Qts 4.3.4.0387
7.5
CVSSv2
CVE-2017-17029
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices....
Qnap QtsQnap Qts 4.3.4.0358Qnap Qts 4.3.4.0370Qnap Qts 4.3.4.0372Qnap Qts 4.3.4.0374Qnap Qts 4.3.4.0387
4.3
CVSSv2
CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application....
Qnap Qts 4.2.6Qnap Qts 4.3.3Qnap Qts 4.3.4Qnap Qts 4.3.5
5
CVSSv2
CVE-2013-0142
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors....
Qnap Viostor Network Video Recorder 4.0.3Qnap Viostor Network Video Recorder -Qnap Surveillance Station Pro -Qnap Nas -
7.8
CVSSv2
CVE-2018-14748
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS....
Qnap Qts 4.2.6Qnap Qts 4.3.3Qnap Qts 4.3.4Qnap Qts 4.3.5
7.5
CVSSv2
CVE-2018-14749
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS....
Qnap Qts 4.2.6Qnap Qts 4.3.3Qnap Qts 4.3.4Qnap Qts 4.3.5
7.5
CVSSv2
CVE-2018-0730
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions....
Qnap Qts 4.2.6Qnap Qts 4.3.3.0868Qnap Qts 4.3.3.0998Qnap Qts 4.3.4.0899Qnap Qts 4.3.4.1029Qnap Qts 4.3.6.0895Qnap Qts 4.3.6.0907Qnap Qts 4.3.6.0923Qnap Qts 4.3.6.0944Qnap Qts 4.3.6.0959Qnap Qts 4.3.6.0979Qnap Qts 4.3.6.0993Qnap Qts 4.3.6.1013Qnap Qts 4.3.6.1033Qnap Qts 4.4.1.0948Qnap Qts 4.4.1.0949Qnap Qts 4.4.1.0978Qnap Qts 4.4.1.0998Qnap Qts 4.4.1.0999Qnap Qts 4.4.1.1031Qnap Qts 4.4.1.1033Qnap Qts 4.4.1.1064Qnap Qts 4.4.1.1081Qnap Qts 4.4.1.1086Qnap Qts 4.4.1.1101
3.5
CVSSv2
CVE-2018-19943
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build...
Qnap QtsQnap Qts 4.2.6
4.3
CVSSv2
CVE-2020-2497
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS...
Qnap Quts HeroQnap Qts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-24686CVE-2021-21298CVE-2021-69420server-side request forgeryCVE-2021-23957microsoftSSTI.netSQLCVE-2021-21273CVE-2021-25281