QNAP Music Station < 5.4.0 - Authentication Bypass

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...

QNAP QTS Photo Station External Reference - Local File Inclusion

QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1...

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

QNAP QTS and QuTS Hero - OS Command Injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

QNAP Photo Station - Path Traversal

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. id: CVE-2019-7195 info: name: QNAP Photo Station - Path Traversal author: s4e-io severity: critical description: | QNAP devices running Pho...

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. id: CVE-2019-7192 info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution...

QNAP TS-453E QVRPro excpostgres Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QVRPro Plugin. The issue results from an exposed dangerous method. An...

(Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

(Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the quroutertoken parameter provided to the...

(Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

(Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of firewall rules. The issue results from failing to...

(Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the qvpndbmgr module...

(Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the roletype parameter...

CVE-2024-14026

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

CVE-2025-62845

creationtimestamp| type| source ---|---|--- 2026-03-23 10:37:14+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-qnap-7 2026-03-23 14:40:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhqc3gk4px2k...

CVE-2025-62846

creationtimestamp| type| source ---|---|--- 2026-03-23 10:37:14+00:00| seen| https://www.acn.gov.it/portale/w/vulnerabilita-in-prodotti-qnap-7 2026-03-23 14:40:07+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mhqc3gk4px2k...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in an OS Command (CVE-2024-14026)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...