QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
76.51%
Published
2017-03-23
Updated
2019-10-03
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
Max CVSS
10.0
EPSS Score
94.14%
Published
2017-03-23
Updated
2019-10-03
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
95.91%
Published
2017-03-23
Updated
2019-10-03
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
Max CVSS
10.0
EPSS Score
0.44%
Published
2018-06-05
Updated
2018-07-12
QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges.
Max CVSS
10.0
EPSS Score
0.49%
Published
2018-03-08
Updated
2018-03-27
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.
Max CVSS
10.0
EPSS Score
29.06%
Published
2017-06-15
Updated
2020-09-11
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
Max CVSS
10.0
EPSS Score
0.42%
Published
2017-09-19
Updated
2019-10-03
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
Max CVSS
10.0
EPSS Score
0.22%
Published
2018-11-27
Updated
2020-01-16
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
Max CVSS
10.0
EPSS Score
0.27%
Published
2018-11-28
Updated
2019-10-03

CVE-2019-7193

Known exploited
Used for ransomware
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
Max CVSS
10.0
EPSS Score
12.43%
Published
2019-12-05
Updated
2020-05-28
CISA KEV Added
2022-06-08

CVE-2021-28799

Known exploited
Used for ransomware
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. ) If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to v3.0.210412 on QTS 4.3.6; versions prior to v3.0.210411 on QTS 4.3.4; versions prior to v3.0.210411 on QTS 4.3.3; versions prior to v16.0.0419 on QuTS hero h4.5.1; versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4. This issue does not affect: QNAP Systems Inc. HBS 2 . QNAP Systems Inc. HBS 1.3 .
Max CVSS
10.0
EPSS Score
88.98%
Published
2021-05-13
Updated
2023-11-14
CISA KEV Added
2022-03-31
An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system.QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS 3 v3.0.210507 and later QTS 4.3.4: HBS 3 v3.0.210506 and later QTS 4.3.3: HBS 3 v3.0.210506 and later
Max CVSS
10.0
EPSS Score
0.58%
Published
2021-07-08
Updated
2021-07-12
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later
Max CVSS
10.0
EPSS Score
0.18%
Published
2022-05-05
Updated
2022-05-13
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later
Max CVSS
10.0
EPSS Score
0.18%
Published
2022-05-05
Updated
2022-05-13

CVE-2022-27593

Known exploited
Used for ransomware
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later
Max CVSS
10.0
EPSS Score
56.35%
Published
2022-09-08
Updated
2022-09-13
CISA KEV Added
2022-09-08
QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models
Max CVSS
9.8
EPSS Score
0.35%
Published
2021-08-09
Updated
2024-03-21
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.
Max CVSS
9.8
EPSS Score
0.42%
Published
2016-02-27
Updated
2016-03-11
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
Max CVSS
9.8
EPSS Score
0.24%
Published
2017-08-18
Updated
2019-10-03

CVE-2017-13067

Public exploit
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
Max CVSS
9.8
EPSS Score
1.39%
Published
2017-09-14
Updated
2019-10-03
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
Max CVSS
9.8
EPSS Score
0.27%
Published
2017-10-06
Updated
2017-11-01
QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier.
Max CVSS
9.8
EPSS Score
0.49%
Published
2017-11-22
Updated
2017-12-12
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
Max CVSS
9.8
EPSS Score
3.12%
Published
2017-12-21
Updated
2018-01-04
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
Max CVSS
9.8
EPSS Score
3.12%
Published
2017-12-21
Updated
2018-01-04
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
Max CVSS
9.8
EPSS Score
3.12%
Published
2017-12-21
Updated
2018-01-04
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
Max CVSS
9.8
EPSS Score
3.12%
Published
2017-12-21
Updated
2018-01-04
276 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!