QNAP Qts
Known Exploited QNAP Qts Vulnerabilities
The following QNAP Qts vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| QNAP QTS Improper Input Validation Vulnerability | QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. CVE-2019-7193 Exploit Probability: 25.8% | June 8, 2022 |
The vulnerability CVE-2019-7193: QNAP QTS Improper Input Validation Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 7 vulnerabilities in QNAP Qts. Last year, in 2025, Qts had 40 security vulnerabilities published. Right now, Qts is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 0.00 |
| 2025 | 40 | 0.00 |
| 2024 | 98 | 7.20 |
| 2023 | 22 | 6.99 |
| 2022 | 6 | 6.75 |
| 2021 | 13 | 7.95 |
| 2020 | 14 | 7.53 |
| 2019 | 4 | 8.13 |
| 2018 | 11 | 6.60 |
It may take a day or so for new Qts vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent QNAP Qts Security Vulnerabilities
Command Injection in QTS / QuTS OS before 5.1.9.2954 (fixed in 5.2.3.3006)
CVE-2024-14026
- March 11, 2026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker who has also gained a user account gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
Shell injection
QNAP QTS <=5.2.8.3332 NULL PTR DoS Vulnerability
CVE-2025-47205
- February 11, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
NULL Pointer Dereference
QTS 5.2.8.3332 Build DoS via Uninitialized Variable
CVE-2025-58466
- February 11, 2026
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to cause denial-of-service conditions or modify control flow in unexpected ways. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later
Use of Uninitialized Variable
QNAP QTS/QuTS Hero: Link Following Path Traversal (pre-5.2.8/5.3.2)
CVE-2025-66277
- February 11, 2026
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 20251225 and later QuTS hero h5.2.8.3350 build 20251216 and later
insecure temporary file
Buffer Overflow in QTS 5.2.8.3332 (QNAP) Exposes Admin Remote Exploit
CVE-2025-62852
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
Stack Overflow
Buffer Overflow in QTS before 5.2.8.3332 Remote Exploit via Admin
CVE-2025-48721
- January 02, 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QTS 5.2.8.3332 build 20251128 and later
Classic Buffer Overflow
QTS 5.2.7.3256 NULL Pointer DoS Admin Remote Exploit
CVE-2025-53590
- January 02, 2026
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
NULL Pointer Dereference
QNAP QTS 5.2.7 Auth Bypass via Spoofing (fixed 5.2.7.3297)
CVE-2025-59385
- December 16, 2025
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Authentication Bypass by Spoofing
Command Injection: QNAP QTS 5.2.7.3297 & QuTS hero 5.3.1
CVE-2025-62847
- December 16, 2025
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
Argument Injection
QNAP QTS/QuTS Hero Null Pointer DoS (pre 5.3.1.3292)
CVE-2025-62848
- December 16, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
NULL Pointer Dereference
SQL Injection in QNAP QTS/QuTS Hero <5.2.7.3297
CVE-2025-62849
- December 16, 2025
An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and later QuTS hero h5.3.1.3292 build 20251024 and later
SQL Injection
QNAP QTS Format String Vulnerability v5.2.6.3195 Remote Exploit
CVE-2025-53407
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
Format String in QTS/QuTS hero 5.2.6.3195 Allows Remote Data Leak
CVE-2025-53406
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero 5.2.6.3195 NPD Remote Admin DoS
CVE-2025-52866
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL ptr DoS before 5.2.6.3195
CVE-2025-52862
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL Ptr Deref DoS before 5.2.6.3195
CVE-2025-52860
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS 5.2.6.3195: NULL ptr DoS Remote Attacker
CVE-2025-52859
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
NULL Pointer Deref in QNAP QTS & QuTS hero 5.2.6.3195 Before build 20250715 DoS
CVE-2025-52858
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero NULL ptr deref DoS pre 5.2.6.3195
CVE-2025-52857
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS Hero Remote Admin Null Ptr Deref DoS - fixed 5.2.6.3195
CVE-2025-52855
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS QNAP OS NPE DoS (5.2.6.3195) Remote Admin
CVE-2025-52854
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP OS QTS/QuTS hero DoS via NULL ptr in pre-5.2.6.3195
CVE-2025-52853
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
NULL PTR DoS in QNAP QTS 5.2.6.3195 & QuTS Hero 5.2.6.3195
CVE-2025-52433
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
CVE-2025-52432: Null Pointer Deref in QNAP QTS/QuTS hero OS DoS (fixed 5.2.6.3195+/5.3.0.3192+)
CVE-2025-52432
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later QuTS hero h5.3.0.3192 build 20250716 and later
NULL Pointer Dereference
Format String Vulnerability in QTS 5.2.6.3195+ (CVE-2025-52429)
CVE-2025-52429
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QTS NULL Pointer Deref DoS in <=5.2.6.3194, Fixed 5.2.6.3195
CVE-2025-52428
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS hero 5.2.x NULL Pointer DoS Vulnerability
CVE-2025-52427
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS 5.2.6.3195 NULL ptr DoS after admin takeover
CVE-2025-52424
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
External Format String issue in QNAP QTS/QuTS <5.2.6.3195 (pre-5.2.6.3195)
CVE-2025-48730
- October 03, 2025
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero NULL PTR DoS prior 5.2.6.3195
CVE-2025-48729
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS Null Ptr DoS before 5.2.6.3195
CVE-2025-48728
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP OS NULL Pointer DoS (QTS 5.2.6.3195+, QuTS hero h5.2.6.3195+)
CVE-2025-48727
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QTS <5.2.6.3195: NULL ptr deref DoS via admin
CVE-2025-48726
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS 5.2.6.3195 NULL PTR Deref DoS
CVE-2025-47214
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
QNAP QTS/QuTS NULL Pointer DoS (remote admin) before 5.2.6.3195
CVE-2025-47213
- October 03, 2025
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
NULL Pointer Dereference
Command Injection Remote Exec in QNAP QTS/QuTS hero <5.2.6.3195
CVE-2025-47212
- October 03, 2025
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Shell injection
Path Traversal in QTS 5.2.6.3195 (QNAP) admin reads arbitrary files
CVE-2025-47211
- October 03, 2025
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.3195 build 20250715 and later
Directory traversal
QTS/QuTS <5.2.4.3079: Remote Buffer Overflow CVE-2024-56805
CVE-2024-56805
- June 06, 2025
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
Classic Buffer Overflow
Qnap QTS/QuTS Hero Command Injection (pre-5.2.4.3079)
CVE-2025-22481
- June 06, 2025
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
Shell injection
CRLF Injection in QTS 5.2.3.3006+ QNAP OS Remote Data Modification
CVE-2024-53693
- March 07, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Code Injection
QNAP QTS/QuTS Hero CRLF Injection Remote Admin Data Mod (before 5.2.3.3006)
CVE-2024-50405
- March 07, 2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Code Injection
Out-of-Bounds Write in QNAP QTS 5.1.9.2954 and earlier via Admin Access
CVE-2024-38638
- March 07, 2025
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later
Memory Corruption
QNAP QTS/QuTS hero <=5.2.0.2851 Sensitive Info Exposure
CVE-2024-13086
- March 07, 2025
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later
Information Disclosure
Command injection in QNAP QTS/QuTS hero before 5.2.3.3006
CVE-2024-53692
- March 07, 2025
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Shell injection
Out-of-Bounds Write in QNAP QTS <5.2.3.3006 (remote admin)
CVE-2024-53697
- March 07, 2025
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Memory Corruption
Double Free in QNAP QTS/QuTS Hero before 5.2.3.3006
CVE-2024-53698
- March 07, 2025
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Double-free
OOB write in QNAP QTS/QuTS hero before 5.2.3.3006
CVE-2024-53699
- March 07, 2025
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Memory Corruption
QNAP QTS / QuTS Cloud Uncontrolled Resource Consumption (DoS) Fixed in 5.0.1.2277+
CVE-2022-27600
- December 19, 2024
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
Resource Exhaustion
QNAP OS Format String Vulnerability in QTS and QuTS hero
CVE-2024-50402
- December 06, 2024
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Use of Externally-Controlled Format String
QNAP QTS/QuTS hero Improper Auth Remote Exploit before v5.2.2.2950
CVE-2024-48859
- December 06, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Authentication