QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in a Command (CVE-2024-14026)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

QNAP Systems Media Streaming Add-On 安全漏洞

QNAP Systems Media Streaming Add-On is an extension component developed by QNAP Systems, a company from Taiwan, China, that provides media streaming services and content distribution capabilities for network storage devices. The QNAP Systems Media Streaming Add-On has a security vulnerability,...

QNAP Systems QuFTP Service 跨站脚本漏洞

QNAP Systems QuFTP Service is a service component provided by QNAP Systems, a company based in Taiwan, China. It offers File Transfer Protocol services and remote file access management capabilities. The QNAP Systems QuFTP Service has a cross-site scripting vulnerability. This vulnerability stems...

QNAP Systems QVR Pro 访问控制错误漏洞

QNAP Systems QVR Pro is a network video monitoring platform developed by QNAP Systems, Inc. in Taiwan, China. Versions of QNAP Systems QVR Pro prior to 2.7.4.14 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for critical functions, allowing...

CVE-2025-66277

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

QNAP Systems QuTS hero 代码问题漏洞

QNAP Systems QuTS hero is a software with data storage and management capabilities developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QuTS hero prior to h5.3.2.3354 contained a code vulnerability caused by a null pointer dereferencing, which could lead to a...

QNAP Systems File Station 安全漏洞

QNAP Systems File Station is an archiving tool under the QTS platform developed by QNAP Systems. This application allows access to NAS files via a web interface. Versions of QNAP Systems File Station prior to 5.5.6.5068 had a security vulnerability caused by path traversal, which could allow remo...

QNAP Systems QTS和QNAP Systems QuTS hero 代码问题漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There were code-related vulnerabilities in versions of QNAP Systems QTS 5.2.8.3332 build 20251128 and QNAP Systems QuTS Hero...

QNAP Systems File Station 5 路径遍历漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5190 contained a path traversal vulnerability. This vulnerability could lead to the reading of unexpected files or system dat...

QNAP Systems File Station 5 安全漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5068 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation without any...

QNAP Systems QTS和QNAP Systems QuTS hero 后置链接漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QTS prior to 5.2.8.3350, as well as QNAP Systems QuTS Hero versions prior to h5.3.2.3354 and...

QNAP Systems File Station 5 路径遍历漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.0.0.4 had a path traversal vulnerability. This vulnerability allows for the execution of arbitrary commands, potentially leading ...

QNAP Systems File Station 5 缓冲区错误漏洞

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5068 had a buffer error vulnerability. This vulnerability stemmed from out-of-bounds read attacks, which could lead to the...

QNAP Systems Media Streaming add-on 操作系统命令注入漏洞

The QNAP Systems Media Streaming add-on is a multimedia enhancement plugin developed by QNAP Systems, a company from Taiwan, China. The QNAP Systems Media Streaming add-on has a vulnerability related to operating system command injection. This vulnerability stems from command injections, which ma...

QNAP Systems QuTS hero 安全漏洞

QNAP Systems QuTS hero is an operating system developed by QNAP Systems. Versions prior to h5.3.2.3354 of QNAP Systems QuTS hero contained a security vulnerability caused by a buffer overflow. This vulnerability could allow remote attackers to modify memory or cause processes to crash...

Qnap QTS and QuTS hero Authentication Bypass by Spoofing (CVE-2025-59385)

An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the...

CVE-2023-45042

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2025-52863

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVE-2025-59380

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...