Qts Qnap Qts

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Qnap Qts.

Known Exploited Qnap Qts Vulnerabilities

The following Qnap Qts vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
QNAP QTS Improper Input Validation Vulnerability QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
CVE-2019-7193 Exploit Probability: 56.9%
June 8, 2022

The vulnerability CVE-2019-7193: QNAP QTS Improper Input Validation Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 0 vulnerabilities in Qnap Qts. Last year, in 2024 Qts had 72 security vulnerabilities published. Right now, Qts is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 72 7.23
2023 21 7.01
2022 6 6.75
2021 13 7.95
2020 14 7.34
2019 4 8.55
2018 9 8.06

It may take a day or so for new Qts vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Qnap Qts Security Vulnerabilities

QNAP OS Improper Certificate Validation Vulnerability

CVE-2024-48865 - December 06, 2024

An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Improper Certificate Validation

QNAP OS URL Encoding Vulnerability

CVE-2024-48866 - December 06, 2024

An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Hex Encoding

QNAP OS: CRLF Injection Vulnerability in HTTP Headers

CVE-2024-48867 - December 06, 2024

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

CRLF Injection

QNAP OS CRLF Injection Vulnerability in HTTP Headers

CVE-2024-48868 - December 06, 2024

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

CRLF Injection

QNAP NAS SQL Injection Vulnerability in SMB Service

CVE-2024-50387 - December 06, 2024

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later

SQL Injection

QNAP OS Command Injection Vulnerability

CVE-2024-50393 - December 06, 2024

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Shell injection

QNAP OS Format String Vulnerability in QTS and QuTS hero

CVE-2024-50402 - December 06, 2024

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Use of Externally-Controlled Format String

QNAP OS: Remote Code Execution via Format String Vulnerability

CVE-2024-50403 - December 06, 2024

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later

Use of Externally-Controlled Format String

QNAP Operating System: Remote Link Following Vulnerability

CVE-2024-53691 - December 06, 2024

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later

insecure temporary file

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-32771 2.4 - Low - September 06, 2024

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Improper Restriction of Excessive Authentication Attempts

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-34979 7.2 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2790 build 20240606 and later

Shell injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-38641 7.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Shell injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-34974 8.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later

Shell injection

An OS command injection vulnerability has been reported to affect legacy QTS

CVE-2023-39300 7.2 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

Shell injection

A missing authorization vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-39298 7.8 - High - September 06, 2024

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later

AuthZ

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50366 4.8 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

XSS

A path traversal vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-51366 6.5 - Medium - September 06, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Directory traversal

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-51367 8.8 - High - September 06, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Classic Buffer Overflow

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-51368 6.5 - Medium - September 06, 2024

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

NULL Pointer Dereference

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21897 5.4 - Medium - September 06, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

XSS

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21898 8.8 - High - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Shell injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21903 4.7 - Medium - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Shell injection

A path traversal vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21904 6.5 - Medium - September 06, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Directory traversal

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-32763 8.8 - High - September 06, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Classic Buffer Overflow

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21906 4.7 - Medium - September 06, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Shell injection

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21902 8.1 - High - May 21, 2024

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Information Disclosure

A double free vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27127 8.8 - High - May 21, 2024

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Double-free

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27128 8.8 - High - May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27129 8.8 - High - May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-27130 8.8 - High - May 21, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50361 8.8 - High - April 26, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50362 8.8 - High - April 26, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Classic Buffer Overflow

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50363 8.1 - High - April 26, 2024

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

AuthZ

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50364 8.8 - High - April 26, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Classic Buffer Overflow

An injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21900 6.5 - Medium - March 08, 2024

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

Injection

A SQL injection vulnerability has been reported to affect myQNAPcloud

CVE-2024-21901 4.7 - Medium - March 08, 2024

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later

SQL Injection

An improper authentication vulnerability has been reported to affect several QNAP operating system versions

CVE-2024-21899 9.8 - Critical - March 08, 2024

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

authentification

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41278 7.2 - High - February 02, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later

Classic Buffer Overflow

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41281 7.2 - High - February 02, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later

Shell injection

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41279 7.2 - High - February 02, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41280 7.2 - High - February 02, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later

Classic Buffer Overflow

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41282 7.2 - High - February 02, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later

Shell injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41283 7.2 - High - February 02, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later

Shell injection

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-41292 7.2 - High - February 02, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later QuTScloud c5.1.5.2651 and later

Classic Buffer Overflow

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-45036 7.2 - High - February 02, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

Classic Buffer Overflow

An unchecked return value vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-50359 6.7 - Medium - February 02, 2024

An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later

Unchecked Return Value

An OS command injection vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-47566 7.2 - High - February 02, 2024

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later

Shell injection

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-45037 7.2 - High - February 02, 2024

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

Classic Buffer Overflow

A path traversal vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-45026 4.9 - Medium - February 02, 2024

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later

Directory traversal

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions

CVE-2023-45028 4.9 - Medium - February 02, 2024

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later

Allocation of Resources Without Limits or Throttling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Qnap Qutscloud or by Qnap? Click the Watch button to subscribe.

Qnap
Vendor

Qnap Qts
Product

subscribe