Qnap Qnap

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Qnap product.

RSS Feeds for Qnap security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Qnap products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Qnap Sorted by Most Security Vulnerabilities since 2018

Qnap Qts142 vulnerabilities

Qnap Quts Hero100 vulnerabilities

Qnap Qutscloud52 vulnerabilities

Qnap File Station10 vulnerabilities

Qnap Video Station9 vulnerabilities

Qnap Qvr9 vulnerabilities

Qnap Photo Station8 vulnerabilities

Qnap Qumagie7 vulnerabilities

Qnap Music Station4 vulnerabilities

Qnap Multimedia Console4 vulnerabilities

Qnap Helpdesk4 vulnerabilities

Qnap Qcalagent3 vulnerabilities

Qnap Notes Station 32 vulnerabilities

Myqnapcloud2 vulnerabilities

Qnap Qulog Center2 vulnerabilities

Qnap Qvpn2 vulnerabilities

Qnap Qvr Pro Client1 vulnerability

Qnap Qvr Smart Client1 vulnerability

Qnap Qvr Firmware1 vulnerability

Qnap Qsync Central1 vulnerability

Qnap Qusbcam21 vulnerability

Qnap Container Station1 vulnerability

Qnap Download Station1 vulnerability

Known Exploited Qnap Vulnerabilities

The following Qnap vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
QNAP VioStor NVR OS Command Injection Vulnerability QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
CVE-2023-47565 Exploit Probability: 79.9%
December 21, 2023
QNAP Photo Station Externally Controlled Reference Vulnerability Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
CVE-2022-27593 Exploit Probability: 93.6%
September 8, 2022
QNAP Photo Station Path Traversal Vulnerability QNAP devices running Photo Station contains an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
CVE-2019-7195 Exploit Probability: 89.0%
June 8, 2022
QNAP Photo Station Path Traversal Vulnerability QNAP devices running Photo Station contains an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
CVE-2019-7194 Exploit Probability: 93.5%
June 8, 2022
QNAP QTS Improper Input Validation Vulnerability QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
CVE-2019-7193 Exploit Probability: 56.0%
June 8, 2022
QNAP Photo Station Improper Access Control Vulnerability QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
CVE-2019-7192 Exploit Probability: 94.3%
June 8, 2022
QNAP NAS File Station Cross-Site Scripting Vulnerability A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVE-2018-19953 Exploit Probability: 40.1%
May 24, 2022
QNAP NAS File Station Command Injection Vulnerability A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
CVE-2018-19949 Exploit Probability: 57.6%
May 24, 2022
QNAP NAS File Station Cross-Site Scripting Vulnerability A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
CVE-2018-19943 Exploit Probability: 5.8%
May 24, 2022
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
CVE-2020-2509 Exploit Probability: 86.9%
April 11, 2022
QNAP NAS Improper Authorization Vulnerability QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
CVE-2021-28799 Exploit Probability: 88.8%
March 31, 2022

Of the known exploited vulnerabilities above, 7 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 3 known exploited Qnap vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2025 there have been 10 vulnerabilities in Qnap with an average score of 7.8 out of ten. Last year, in 2024 Qnap had 91 security vulnerabilities published. Right now, Qnap is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.56.




Year Vulnerabilities Average Score
2025 10 7.82
2024 91 7.26
2023 37 7.16
2022 18 8.37
2021 30 8.07
2020 18 7.07
2019 6 8.25
2018 17 7.84

It may take a day or so for new Qnap vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Qnap Security Vulnerabilities

An out-of-bounds read vulnerability has been reported to affect File Station 5

CVE-2025-29871 5.5 - Medium - June 06, 2025

An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Out-of-bounds Read

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5

CVE-2025-29872 7.5 - High - June 06, 2025

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

Allocation of Resources Without Limits or Throttling

A NULL pointer dereference vulnerability has been reported to affect File Station 5

CVE-2025-29873 7.5 - High - June 06, 2025

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

NULL Pointer Dereference

A NULL pointer dereference vulnerability has been reported to affect File Station 5

CVE-2025-29876 7.5 - High - June 06, 2025

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

NULL Pointer Dereference

A NULL pointer dereference vulnerability has been reported to affect File Station 5

CVE-2025-29877 7.5 - High - June 06, 2025

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

NULL Pointer Dereference

An improper certificate validation vulnerability has been reported to affect File Station 5

CVE-2025-29884 8.8 - High - June 06, 2025

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

Improper Certificate Validation

An improper certificate validation vulnerability has been reported to affect File Station 5

CVE-2025-29885 8.8 - High - June 06, 2025

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

Improper Certificate Validation

An improper certificate validation vulnerability has been reported to affect File Station 5

CVE-2025-22486 8.8 - High - June 06, 2025

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

Improper Certificate Validation

A NULL pointer dereference vulnerability has been reported to affect File Station 5

CVE-2025-22490 7.5 - High - June 06, 2025

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

NULL Pointer Dereference

An improper certificate validation vulnerability has been reported to affect File Station 5

CVE-2025-29883 8.8 - High - June 06, 2025

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

Improper Certificate Validation

QNAP OS Improper Certificate Validation Vulnerability

CVE-2024-48865 - December 06, 2024

An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Improper Certificate Validation

QNAP OS URL Encoding Vulnerability

CVE-2024-48866 - December 06, 2024

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Hex Encoding

QNAP OS: CRLF Injection Vulnerability in HTTP Headers

CVE-2024-48867 - December 06, 2024

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

CRLF Injection

QNAP OS CRLF Injection Vulnerability in HTTP Headers

CVE-2024-48868 - December 06, 2024

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

CRLF Injection

QNAP NAS SQL Injection Vulnerability in SMB Service

CVE-2024-50387 - December 06, 2024

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later

SQL Injection

QNAP OS Command Injection Vulnerability

CVE-2024-50393 - December 06, 2024

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Shell injection

QNAP OS Format String Vulnerability in QTS and QuTS hero

CVE-2024-50402 - December 06, 2024

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Use of Externally-Controlled Format String

QNAP OS: Remote Code Execution via Format String Vulnerability

CVE-2024-50403 - December 06, 2024

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later

Use of Externally-Controlled Format String

QNAP Operating System: Remote Link Following Vulnerability

CVE-2024-53691 - December 06, 2024

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later

insecure temporary file

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-32771 2.4 - Low - September 06, 2024

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Improper Restriction of Excessive Authentication Attempts

A path traversal vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21904 6.5 - Medium - September 06, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Directory traversal

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21903 4.7 - Medium - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Shell injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21898 8.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Shell injection

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21897 5.4 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

XSS

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-51368 6.5 - Medium - September 06, 2024

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

NULL Pointer Dereference

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-51367 8.8 - High - September 06, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Classic Buffer Overflow

A path traversal vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-51366 6.5 - Medium - September 06, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Directory traversal

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50366 4.8 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

XSS

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center

CVE-2024-32762 6.1 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later

XSS

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3

CVE-2024-27126 5.4 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later

XSS

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk

CVE-2024-27125 4.8 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later

XSS

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3

CVE-2024-27122 5.4 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later

XSS

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-34974 8.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later

Shell injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-38641 7.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Shell injection

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station

CVE-2024-38640 5.4 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 ( 2024/06/21 ) and later

XSS

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-34979 7.2 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2790 build 20240606 and later

Shell injection

An improper authentication vulnerability has been reported to affect Music Station

CVE-2023-45038 8.8 - High - September 06, 2024

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later

authentification

An OS command injection vulnerability has been reported to affect Video Station

CVE-2023-47563 8.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

Shell injection

A SQL injection vulnerability has been reported to affect Video Station

CVE-2023-50360 8.8 - High - September 06, 2024

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later

SQL Injection

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client

CVE-2022-27592 6.7 - Medium - September 06, 2024

An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later

Unquoted Search Path or Element

An OS command injection vulnerability has been reported to affect legacy QTS

CVE-2023-39300 7.2 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

Shell injection

A missing authorization vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-39298 7.8 - High - September 06, 2024

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later

AuthZ

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21906 4.7 - Medium - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Shell injection

An improper certificate validation vulnerability has been reported to affect QuMagie

CVE-2024-38642 7.8 - High - September 06, 2024

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later

Improper Certificate Validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-32763 8.8 - High - September 06, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27128 8.8 - High - May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Classic Buffer Overflow

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21902 8.1 - High - May 21, 2024

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Information Disclosure

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27130 8.8 - High - May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27129 8.8 - High - May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Classic Buffer Overflow

A double free vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27127 8.8 - High - May 21, 2024

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Double-free

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.