QNAP QTS / QuTS hero Vulnerabilities in QTS, QuTS hero, QuTScloud, and QVP (QSA-23-06)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-06 advisory. A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get...

Design/Logic Flaw

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...

CVE-2023-23355

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...

Command injection

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...

CVE-2023-23355 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...

CVE-2022-27597 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...

PT-2023-2149 · Qnap · Qnap Qts +3

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.0.1.2346 build 20230322 QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324 QNAP QuTScloud affected versions not specified QNAP QVP QVR Pro appliances affected versions not specified Description: A...

CVE-2022-27598

CVE-2022-27598 affects QNAP QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). It is an out-of-bounds read that could allow remote authenticated administrators to obtain secret values. Fixed in QTS 5.0.1.2346 build 20230322+ and QuTS hero h5.0.1.2348 build 20230324+. Connected sources confi...

CVE-2022-27597

CVE-2022-27597 affects QNAP QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). A out-of-bounds read vulnerability could allow remote authenticated administrators to obtain secret values. Affected components are not detailed beyond the OS families; root cause is described as an out-of-bounds...

CVE-2022-27597 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks

QNAP, Taiwanese maker of network-attached storage NAS devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x bel...

QNAP QuTScloud RCE Vulnerability (QSA-22-20)

QNAP QuTScloud is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

QNAP QuTScloud Multiple Samba Vulnerabilities (QSA-22-03)

QNAP QuTScloud is prone to multiple vulnerabilities in Samba. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutscloud";...

QNAP QuTScloud Privilege Escalation Vulnerability (QSA-22-05)

QNAP QuTScloud is prone to a local privilege escalation vulnerability, also known as dirty pipe. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

QNAP QuTS hero Multiple Vulnerabilities (QSA-22-12)

QNAP QuTScloud is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

QNAP QuTScloud Path Traversal Vulnerability (QSA-22-13)

QNAP QuTScloud is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutscloud";...

QNAP QuTScloud Multiple Vulnerabilities (QSA-22-16)

QNAP QuTScloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutscloud"; ifdescripti...

QNAP QuTScloud RCE Vulnerability (QSA-21-57)

QNAP QuTScloud is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

QNAP QuTScloud XSS Vulnerability (QSA-21-63)

QNAP QuTScloud is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2021-34360

A cross-site request forgery CSRF vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy...