QNAP QTS and QuTS Hero - OS Command Injection

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. id: CVE-2019-7192 info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution...

CVE-2024-14026

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-14026)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

Qnap QTS and QuTS hero Improper Neutralization of Special Elements used in a Command (CVE-2024-14026)

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...

CVE-2024-14026

CVE-2024-14026 affects QNAP QTS and QuTS hero operating systems. A local network attacker with a user account can exploit a command-injection to run arbitrary commands. Fixed in QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.1.9.2954 build 20241120 ...

PT-2026-24596

🚨 CVE-2024-14026 A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the...

QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both QNAP Systems QTS and QNAP Systems QuTS hero have security vulnerabilities; these vulnerabilities stem from command injecti...

CVE-2025-58466

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...

Qnap QTS and QuTS hero Buffer Copy without Checking Size of Input (CVE-2025-48725)

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...

Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-66274)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-66277

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

CVE-2025-47205

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-47205

A NULL pointer dereference vulnerability affecting several QNAP OS lines. An attacker who already has an administrator account can trigger a network-based DoS on affected systems. Affected products include QTS 5.2.8.3332 build 20251128 and later, and QuTS hero h5.2.8.3321 build 20251117 and later...

CVE-2025-47205 QTS, QuTS hero

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

CVE-2025-58466 QTS, QuTS hero

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...

CVE-2025-58466

CVE-2025-58466 affects QNAP QTS and QuTS hero: a use of uninitialized variable issue that can be exploited by an attacker with an administrator account to cause denial of service or alter control flow. Affected: QTS before 5.2.8.3332 build 20251128 and earlier; QuTS hero before h5.2.8.3321 build ...

CVE-2025-66277 QTS, QuTS hero

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

CVE-2025-66277

A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build...

QNAP Systems QTS和QNAP Systems QuTS hero 安全漏洞

QNAP Systems QTS and QNAP Systems QuTS Hero are both software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There were security vulnerabilities in versions of QNAP Systems QTS 5.2.8.3332 and QNAP Systems QuTS Hero h5.2.8.3321. The...