62 matches found
CVE-2023-50358
CVE-2023-50358 is an OS command-injection vulnerability affecting multiple QNAP OS lines, including QTS and QuTS variants. The advisory notes that, if exploited, an attacker could execute commands over the network. QNAP has fixed this vulnerability in specific releases: QTS 5.1.5.2645+ (build 202...
CVE-2023-23368
CVE-2023-23368 is an OS command injection affecting QNAP QTS/QuTS systems, allowing network-based command execution. Affected products and fixed versions are documented: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and late...
CVE-2024-21899
CVE-2024-21899 describes an improper authentication vulnerability affecting several QNAP operating system lines (QTS and QuTS variants). The connected sources specify impact on QTS 5.1.3.2578 build 20231110 and later, QTS 4.5.4.2627 build 20231225 and later, QuTS hero h5.1.3.2578 build 20231110 a...
CVE-2023-47218
Summary : CVE-2023-47218 is an OS command injection vulnerability affecting QNAP QTS, QuTS Hero, and QuTScloud. The flaw allows unauthenticated users on the local/network path to execute commands remotely via the affected OS components (notably the OS command injection vector reported for QTS/QuT...
CVE-2021-44051
CVE-2021-44051 affects QNAP NAS running QTS, QuTS hero, and QuTScloud (remote command execution via a command-injection flaw). The NVD entry lists CVSS v3.1 base score 8.8 (high) with network access, low attack complexity, and no user interaction required; impact to confidentiality, integrity, an...
CVE-2021-38693
CVE-2021-38693 is a path-traversal vulnerability affecting QNAP devices running QuTScloud, QuTS hero, QTS, and QVR Pro Appliance. The issue is triggered via path traversal in thttpd, enabling read access to potentially sensitive files. Public references in the provided documents confirm remediati...
CVE-2023-23355
CVE-2023-23355 is an OS command injection affecting QNAP QTS/QuTS hero/QuTScloud (QVR/QVP-related appliances). The vulnerability could allow remote authenticated administrators to execute commands via unspecified vectors; QES is not affected. Affected products and fixed versions are explicitly li...
CVE-2021-44054
CVE-2021-44054: Open redirect in QNAP devices running QuTScloud, QuTS hero, and QTS. Affects QuTScloud, QuTS hero (h5.0.0.1949+; build 20220215+) and (h4.5.4.1951; build 20220218+), as well as QTS (5.0.0.1986; build 20220324+) and (4.5.4.1991; build 20220329+). Root cause described as an open red...
CVE-2021-44053
CVE-2021-44053 is a cross-site scripting (XSS) vulnerability affecting QNAP devices running QTS, QuTS hero, and QuTScloud. The issue allows remote attackers to inject malicious code. Fixed in QTS 4.5.4.1991 build 20220329 and later, QTS 5.0.0.1986 build 20220324 and later, QuTS hero h5.0.0.1986 b...
CVE-2022-27600
CVE-2022-27600 is an uncontrolled resource consumption vulnerability impacting several QNAP OS lines, notably QTS, QuTS hero, and QuTScloud. According to connected sources, remote attackers could cause a denial-of-service (DoS). Affected products/versions include QTS 5.0.1.2277 and later, QTS 4.5...
CVE-2024-21900
The CVE-2024-21900 entry describes an injection vulnerability affecting several QNAP operating system versions. Authenticated users could potentially execute commands over the network due to the underlying injection flaw. Affected product families include QTS, QuTS hero, and QuTScloud. Remediatio...
CVE-2021-28806
CVE-2021-28806 is a DOM-based XSS affecting QNAP NAS UI components in QTS and QuTS hero. Affected: QTS before 4.5.3.1652 Build 20210428; QuTS hero before h4.5.2.1638 Build 20210414; QuTScloud before c4.5.5.1656 Build 20210503. Not affecting QTS 4.3.6/4.3.3. Root cause: DOM-based XSS in web interf...
CVE-2021-28816
CVE-2021-28816 is a stack-based buffer overflow affecting QNAP QTS, QuTScloud, and QuTS hero. The vulnerability could allow arbitrary code execution if exploited. Affected QTS/QuTS versions fixed include QTS 4.5.4.1715 build 20210630 and later, QTS 5.0.0.1716 build 20210701 and later, QTS 4.3.3.1...
CVE-2021-44052
CVE-2021-44052 affects QNAP devices running QuTScloud, QuTS hero, and QTS. It is an improper link resolution before file access ("link following") vulnerability that could allow remote attackers to traverse the file system and read or overwrite files in unintended locations. Affected components a...
CVE-2024-32766
CVE-2024-32766 is an OS command injection affecting QNAP QTS (5.1.3.2578+), QTS (4.5.4.2627+), QuTS hero (h5.1.3.2578+, h4.5.4.2626+), and QuTScloud (c5.1.5.2651+). Root cause: insufficient input sanitization allowing network-executed commands. Affected versions are listed; fixes are provided in ...
CVE-2018-19942
CVE-2018-19942 is a cross-site scripting (XSS) vulnerability affecting earlier versions of QNAP File Station. The included sources indicate the flaw was fixed in multiple product lines and versions, including QTS 4.5.2.1566 and later, QTS 4.5.1.1456 and later, QTS 4.3.6.1446 and later, QTS 4.3.4....
CVE-2022-27597
CVE-2022-27597 affects QNAP QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). A out-of-bounds read vulnerability could allow remote authenticated administrators to obtain secret values. Affected components are not detailed beyond the OS families; root cause is described as an out-of-bounds...
CVE-2023-23367
CVE-2023-23367 affects multiple QNAP platforms (QTS, QuTS hero, QuTScloud) with an OS command injection vulnerability that could allow authenticated administrators to execute commands over the network. Affected versions: QTS 5.0.1.2376 build 20230421 and later; QuTS hero h5.0.1.2376 build 2023042...
CVE-2023-45025
CVE-2023-45025 is an OS command injection affecting QNAP QTS and QuTS Hero/QS Cloud products. Affected versions include QTS 5.1.4.2596+ (build 20231128+), QTS 4.5.4.2627+ (build 20231225+), QuTS Hero h5.1.4.2596+ (build 20231128+), QuTS Hero h4.5.4.2626+ (build 20231225+), and QuTScloud c5.1.5.26...
CVE-2022-27598
CVE-2022-27598 affects QNAP QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). It is an out-of-bounds read that could allow remote authenticated administrators to obtain secret values. Fixed in QTS 5.0.1.2346 build 20230322+ and QuTS hero h5.0.1.2348 build 20230324+. Connected sources confi...
CVE-2023-32971
Summary: CVE-2023-32971 is a buffer copy without input size checking that affects multiple QNAP OS releases. Affected products/areas: QTS and QuTS hero/QuTScloud family (QTS 5.0.1.2425+, QTS 5.1.0.2444+, QTS 4.5.4.2467+, QuTS hero h5.0.1.2515+, h5.1.0.2424+, h4.5.4.2476+, QuTScloud c5.1.0.2498+)....
CVE-2021-38674
CVE-2021-38674 is an XSS vulnerability affecting QTS, QuTS hero, and QuTScloud. Publicly documented vulnerable components include the QTS/QTS hero/QuTScloud web interfaces, with remote attacker exploitation enabling injection of malicious code. The NVD/NVD-derived entries list fixes in QTS 4.5.4....
CVE-2023-32969
Summary (CVE-2023-32969) A cross-site scripting (XSS) vulnerability affects QNAP’s Network & Virtual Switch across multiple product lines (QuTScloud, QTS, QuTS hero). The issue allows authenticated administrators to inject malicious code via a network. Affected/fixed versions: QuTScloud c5.1.5.26...
CVE-2021-34343
CVE-2021-34343 describes a stack buffer overflow affecting QNAP devices running QTS, QuTScloud, and QuTS hero . The vulnerability could allow an attacker to execute arbitrary code. Affected releases have been fixed in: QTS 4.5.4.1715 build 20210630 and later , QTS 5.0.0.1716 build 20210701 and la...
CVE-2024-27124
CVE-2024-27124 is an OS command injection vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. Exploitation could allow an attacker to execute arbitrary commands over the network, with no required privileges and user interaction needed. The issue has been fixed in: QTS 5.1.3.2578+ (build 2...
CVE-2023-47567
CVE-2023-47567 is an OS command injection affecting multiple QNAP OS lines. The vulnerability could allow authenticated administrators to execute commands over the network. Public artifacts list fixes in specific releases: QTS 5.1.5.2645 build 20240116 and later; QTS 4.5.4.2627 build 20231225 and...
CVE-2023-32974
CVE-2023-32974 is a path traversal vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. The issue could allow reading content from unexpected files and exposing sensitive data over the network. Affected versions have been fixed in QTS 5.1.0.2444+ (build 20230629+), QuTS hero h5.1.0.2424+ (...
CVE-2018-19941
CVE-2018-19941 affects QNAP NAS devices, enabling an attacker to read sensitive information stored in cleartext cookies. Concrete details in connected sources show the affected products and fixed versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later)...
CVE-2023-23362
CVE-2023-23362 is an OS command injection affecting QNAP QTS, QuTS Hero, QuTScloud. The issue allows remote authenticated users to execute commands via vulnerable QNAP devices. Public disclosures in the provided sources confirm the vulnerability and list fixed versions: QTS 5.0.1.2376 build 20230...
CVE-2023-51364
A path traversal vulnerability (CVE-2023-51364) affects several QNAP operating systems and could allow reading contents of unintended files and exposing sensitive data over a network. Affected products/versions include QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and lat...
CVE-2023-32970
CVE-2023-32970 is a NULL pointer dereference vulnerability affecting several QNAP OS lines. The issue allows authenticated administrators to cause a denial-of-service over the network; QES is not affected. Fixed in: QuTS hero h5.0.1.2515+ (build 20230907+), h5.1.0.2453+ (build 20230708+), h4.5.4....
CVE-2024-21905
CVE-2024-21905 is an integer overflow/wraparound vulnerability affecting QNAP QTS, QuTS Hero, and QuTScloud. The issue could allow an attacker to compromise the system remotely over the network. Affected/confirmed versions include QTS 5.1.3.2578 build 20231110 and later, QuTS Hero h5.1.3.2578 bui...
CVE-2023-32973
CVE-2023-32973 (QNAP) arises from a buffer copy without input size checking, allowing authenticated administrators to execute code over the network. Documented impact affects multiple QNAP OS lines, with fixed versions listed: QTS 5.0.1.2425+ (build 20230609+), QTS 5.1.0.2444+ (build 20230629+), ...
CVE-2023-51365
CVE-2023-51365 is a path traversal vulnerability in QNAP QTS/QTS Hero/QTScloud products. The issue could allow an attacker to read sensitive files over the network. Fixed in QTS 5.1.4.2596+ (build 20231128), QTS 4.5.4.2627+ (build 20231225), QuTS hero h5.1.3.2578+ (build 20231110), QuTS hero h4.5...
CVE-2023-41273
CVE-2023-41273 is a heap-based buffer overflow affecting several QNAP OS lines (QTS, QuTS hero, QuTScloud). The vulnerability allows an authenticated administrator to execute code over the network. Affected/fixed versions include QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 buil...
CVE-2018-19957
CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...
CVE-2023-39302
CVE-2023-39302 is an OS command injection vulnerability in several QNAP OS versions. Affected products include QTS, QuTS hero, and QuTScloud. The root cause is command execution via the network by an authenticated administrator. Impact is described as high in CVSS terms; exploitation requires net...
CVE-2023-41275
CVE-2023-41275 describes a buffer-copy vulnerability in QNAP OSes that allows an authenticated administrator to execute code over the network due to input size mischecking. Affected products include QTS (versions prior to 5.1.2.2533), QuTS hero, and QuTScloud. The underlying root cause is a buffe...
CVE-2023-47568
CVE-2023-47568 is a SQL injection vulnerability reported for several QNAP OS lines (QTS, QTS Hero, QuTS, QuTScloud). The issue allows an authenticated user to inject malicious code via a network, indicating a server-side injection in affected components exposed to network input. The vulnerability...
CVE-2023-45026
CVE-2023-45026 is a path traversal vulnerability reported to affect several QNAP OS lines (QTS, QuTS Hero, QuTScloud). The issue could allow authenticated administrators to read contents of unintended files and expose sensitive data over a network. Fixed in QTS 5.1.5.2645 build 20240116 and later...
CVE-2023-32972
CVE-2023-32972 affects QNAP QTS/QTS hero/QTScloud line: a buffer copy without input size checking can allow an authenticated administrator to execute code over the network. Root cause is improper input size handling in the affected component; no exploit details are provided in the documents. Affe...
CVE-2023-39303
CVE-2023-39303 describes an improper authentication vulnerability in QNAP OSes (QTS, QuTS hero, QuTScloud) that could allow network-based compromise of the system. Affected products include QTS 5.1.3.2578+ (build 20231110 and later), QuTS hero h5.1.3.2578+ (build 20231110 and later), and QuTSclou...
CVE-2023-45028
CVE-2023-45028 is an reported uncontrolled resource consumption vulnerability affecting multiple QNAP OS families (QTS, QuTS hero, QuTScloud). The issue allows authenticated administrators to trigger a network-based denial-of-service (DoS). Affected versions are fixed in QTS 5.1.5.2645/build 2024...
CVE-2023-39297
CVE-2023-39297 is an OS command injection affecting several QNAP OS versions. The root cause is command execution via the network by authenticated users. Impact is high: confidentiality, integrity, and availability are all rated high (CVSS v3.1: 8.8). Affected products include QTS and QuTS Hero/C...
CVE-2023-45027
CVE-2023-45027 is a path-traversal vulnerability affecting multiple QNAP OS lines: QTS, QuTS hero, and QuTScloud. The issue could allow an authenticated administrator to read contents of unexpected files and exfiltrate sensitive data over the network. Fixes are available in: QTS 5.1.5.2645 build ...
CVE-2023-41281
CVE-2023-41281 is an OS command injection vulnerability affecting QNAP QTS, QuTS hero, and QuTScloud. Authenticated administrators could execute commands over the network on affected OS versions. QNAP reports fixes in QTS 5.1.4.2596 build 20231128 and later, QuTS hero h5.1.4.2596 build 20231128 a...
CVE-2023-47566
CVE-2023-47566 is an OS command injection affecting several QNAP OS versions (QTS, QuTS hero, QuTScloud). The vulnerability could allow authenticated administrators to execute commands over the network. The specification provides concrete fixes: QTS 5.1.5.2645 build 20240116 and later; QuTS hero ...
CVE-2023-41277
CVE-2023-41277 is a buffer copy vulnerability in QNAP QTS/QuTS products. Affected: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. Root cause: a buffer copy without checking input size. Impact: remotely exploitable by an au...
CVE-2023-41283
Summary of CVE-2023-41283 (QNAP OS command injection) : An OS command injection vulnerability affecting multiple QNAP OS versions has been reported. If exploited, authenticated administrators could execute commands over the network. The issue has been fixed in: QTS 5.1.4.2596 build 20231128 and l...
CVE-2023-45035
CVE-2023-45035 is a buffer copy vulnerability in QNAP QTS/QuTS OSes that can allow authenticated administrators to execute code over the network. According to the sources, the issue affects QTS 5.1.4.2596 build 20231128 and later, QuTS hero h5.1.4.2596 build 20231128 and later, and QuTScloud c5.1...