QNAP QuTScloud Multiple Vulnerabilities (QSA-24-09)

QNAP QuTScloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutscloud"; ifdescripti...

The vulnerability of the QTS, QuTS Hero, QuTScloud, and myQNAPcloud operating systems exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the QTS, QuTS Hero, QuTScloud, and myQNAPcloud operating systems exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

QNAP QuTScloud Multiple OS Command Injection Vulnerabilities (QSA-24-12)

QNAP QuTScloud is prone to multiple OS command injection vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

QNAP QuTScloud XSS Vulnerability (QSA-24-11)

QNAP QuTScloud is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-21899

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...

CVE-2024-21899

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...

CVE-2023-32969

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

Sql injection

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...

Cross site scripting

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

CVE-2024-21900

The CVE-2024-21900 entry describes an injection vulnerability affecting several QNAP operating system versions. Authenticated users could potentially execute commands over the network due to the underlying injection flaw. Affected product families include QTS, QuTS hero, and QuTScloud. Remediatio...

CVE-2024-21900 QTS, QuTS hero, QuTScloud

An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...

CVE-2024-21899 QTS, QuTS hero, QuTScloud

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...

CVE-2024-21899

CVE-2024-21899 describes an improper authentication vulnerability affecting several QNAP operating system lines (QTS and QuTS variants). The connected sources specify impact on QTS 5.1.3.2578 build 20231110 and later, QTS 4.5.4.2627 build 20231225 and later, QuTS hero h5.1.3.2578 build 20231110 a...

CVE-2023-32969 Network & Virtual Switch

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

CVE-2023-32969 Network & Virtual Switch

A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...

CVE-2023-32969

Summary (CVE-2023-32969) A cross-site scripting (XSS) vulnerability affects QNAP’s Network & Virtual Switch across multiple product lines (QuTScloud, QTS, QuTS hero). The issue allows authenticated administrators to inject malicious code via a network. Affected/fixed versions: QuTScloud c5.1.5.26...

QNAP Systems Cross-Site Scripting Vulnerability in Multiple Products

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems.QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system....

PT-2024-2009 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.3.2578 build 20231110 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.3.2578 build 20231110 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to...

QNAP Systems Multiple Product Injection Vulnerabilities

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems.QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system...

The vulnerability of the Quick.cgi file allows attackers to execute arbitrary commands on QTS, QuTS hero, and QuTScloud operating systems for network devices from Qnap.

The vulnerability of the Quick.cgi file exists in operating systems such as QTS, QuTS Hero, and QuTScloud, as well as in networking devices from Qnap. This vulnerability stems from the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this...