Qnap Qts
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Qnap Qts.
Known Exploited Qnap Qts Vulnerabilities
The following Qnap Qts vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| QNAP QTS Improper Input Validation Vulnerability |
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. CVE-2019-7193 Exploit Probability: 56.9% |
June 8, 2022 |
The vulnerability CVE-2019-7193: QNAP QTS Improper Input Validation Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 0 vulnerabilities in Qnap Qts. Last year, in 2024 Qts had 72 security vulnerabilities published. Right now, Qts is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 72 | 7.23 |
| 2023 | 21 | 7.01 |
| 2022 | 6 | 6.75 |
| 2021 | 13 | 7.95 |
| 2020 | 14 | 7.34 |
| 2019 | 4 | 8.55 |
| 2018 | 9 | 8.06 |
It may take a day or so for new Qts vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Qnap Qts Security Vulnerabilities
QNAP OS Improper Certificate Validation Vulnerability
CVE-2024-48865
- December 06, 2024
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Improper Certificate Validation
QNAP OS URL Encoding Vulnerability
CVE-2024-48866
- December 06, 2024
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Hex Encoding
QNAP OS: CRLF Injection Vulnerability in HTTP Headers
CVE-2024-48867
- December 06, 2024
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
CRLF Injection
QNAP OS CRLF Injection Vulnerability in HTTP Headers
CVE-2024-48868
- December 06, 2024
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
CRLF Injection
QNAP NAS SQL Injection Vulnerability in SMB Service
CVE-2024-50387
- December 06, 2024
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later
SQL Injection
QNAP OS Command Injection Vulnerability
CVE-2024-50393
- December 06, 2024
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Shell injection
QNAP OS Format String Vulnerability in QTS and QuTS hero
CVE-2024-50402
- December 06, 2024
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Use of Externally-Controlled Format String
QNAP OS: Remote Code Execution via Format String Vulnerability
CVE-2024-50403
- December 06, 2024
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later
Use of Externally-Controlled Format String
QNAP Operating System: Remote Link Following Vulnerability
CVE-2024-53691
- December 06, 2024
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later
insecure temporary file
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-32771
2.4 - Low
- September 06, 2024
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later
Improper Restriction of Excessive Authentication Attempts
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-34979
7.2 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2790 build 20240606 and later
Shell injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-38641
7.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
Shell injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-34974
8.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later
Shell injection
An OS command injection vulnerability has been reported to affect legacy QTS
CVE-2023-39300
7.2 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later
Shell injection
A missing authorization vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-39298
7.8 - High
- September 06, 2024
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later
AuthZ
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-50366
4.8 - Medium
- September 06, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
XSS
A path traversal vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-51366
6.5 - Medium
- September 06, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Directory traversal
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-51367
8.8 - High
- September 06, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Classic Buffer Overflow
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-51368
6.5 - Medium
- September 06, 2024
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
NULL Pointer Dereference
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21897
5.4 - Medium
- September 06, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
XSS
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21898
8.8 - High
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Shell injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21903
4.7 - Medium
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Shell injection
A path traversal vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21904
6.5 - Medium
- September 06, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Directory traversal
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-32763
8.8 - High
- September 06, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
Classic Buffer Overflow
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21906
4.7 - Medium
- September 06, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
Shell injection
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21902
8.1 - High
- May 21, 2024
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Information Disclosure
A double free vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-27127
8.8 - High
- May 21, 2024
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Double-free
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-27128
8.8 - High
- May 21, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Classic Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-27129
8.8 - High
- May 21, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Classic Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-27130
8.8 - High
- May 21, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Classic Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-50361
8.8 - High
- April 26, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Classic Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-50362
8.8 - High
- April 26, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Classic Buffer Overflow
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-50363
8.1 - High
- April 26, 2024
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
AuthZ
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-50364
8.8 - High
- April 26, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later
Classic Buffer Overflow
An injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21900
6.5 - Medium
- March 08, 2024
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later
Injection
A SQL injection vulnerability has been reported to affect myQNAPcloud
CVE-2024-21901
4.7 - Medium
- March 08, 2024
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later
SQL Injection
An improper authentication vulnerability has been reported to affect several QNAP operating system versions
CVE-2024-21899
9.8 - Critical
- March 08, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later
authentification
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41278
7.2 - High
- February 02, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later
Classic Buffer Overflow
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41281
7.2 - High
- February 02, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later
Shell injection
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41279
7.2 - High
- February 02, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later
Classic Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41280
7.2 - High
- February 02, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later
Classic Buffer Overflow
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41282
7.2 - High
- February 02, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later
Shell injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41283
7.2 - High
- February 02, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later
Shell injection
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-41292
7.2 - High
- February 02, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later
Classic Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-45036
7.2 - High
- February 02, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later
Classic Buffer Overflow
An unchecked return value vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-50359
6.7 - Medium
- February 02, 2024
An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later
Unchecked Return Value
An OS command injection vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-47566
7.2 - High
- February 02, 2024
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
Shell injection
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-45037
7.2 - High
- February 02, 2024
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later
Classic Buffer Overflow
A path traversal vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-45026
4.9 - Medium
- February 02, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
Directory traversal
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions
CVE-2023-45028
4.9 - Medium
- February 02, 2024
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
Allocation of Resources Without Limits or Throttling
