CVE-2024-32771

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via...

CVE-2023-34975

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following...

CVE-2023-41274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service DoS attack via a network. We have already fixed the vulnerability in the following...

CVE-2023-32974

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-32969

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

CVE-2023-39298

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not...

CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

QNAP QuTScloud DoS Vulnerability (QSA-23-09)

QNAP QuTScloud is prone to denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutscloud";...

CVE-2022-27600 QTS, QuTS hero, QuTScloud

An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following versions: QTS...

QNAP多款产品 信任管理问题漏洞

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems.QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an entry-level operating system.QNAP Systems QuTS hero is an operating system. A trust management issue...

Qnap QTS Command Injection (CVE-2021-44051)

A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS:...

Qnap QTS OS Command Injection (CVE-2023-47566)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645...

Qnap QTS Out-of-bounds Write (CVE-2021-34343)

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS...

Qnap QTS Cross-site Scripting (CVE-2018-19942)

A cross-site scripting XSS vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 and later QTS...

Qnap QTS Out-of-bounds Write (CVE-2021-28816)

A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS...

Qnap QTS Improper Authentication (CVE-2023-39303)

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...

Qnap Multiple Vulnerabilities in QTS, QuTS hero and QuTScloud (CVE-2023-47218)

Multiple vulnerabilities have been reported to affect several QNAP operating system versions. If exploited, the OS command injection vulnerabilities could allow users to execute commands via a network. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...

Qnap QTS Stack-based Buffer Overflow (CVE-2023-41279)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

Qnap QTS OS Command Injection (CVE-2023-41282)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596...

Qnap Multiple Vulnerabilities in QTS, QuTS hero and QuTScloud (CVE-2023-50358)

Multiple vulnerabilities have been reported to affect several QNAP operating system versions. If exploited, the OS command injection vulnerabilities could allow users to execute commands via a network. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...