15 matches found
CVE-2024-21899
CVE-2024-21899 describes an improper authentication vulnerability affecting several QNAP operating system lines (QTS and QuTS variants). The connected sources specify impact on QTS 5.1.3.2578 build 20231110 and later, QTS 4.5.4.2627 build 20231225 and later, QuTS hero h5.1.3.2578 build 20231110 a...
CVE-2021-44051
CVE-2021-44051 affects QNAP NAS running QTS, QuTS hero, and QuTScloud (remote command execution via a command-injection flaw). The NVD entry lists CVSS v3.1 base score 8.8 (high) with network access, low attack complexity, and no user interaction required; impact to confidentiality, integrity, an...
CVE-2021-38693
CVE-2021-38693 is a path-traversal vulnerability affecting QNAP devices running QuTScloud, QuTS hero, QTS, and QVR Pro Appliance. The issue is triggered via path traversal in thttpd, enabling read access to potentially sensitive files. Public references in the provided documents confirm remediati...
CVE-2021-44054
CVE-2021-44054: Open redirect in QNAP devices running QuTScloud, QuTS hero, and QTS. Affects QuTScloud, QuTS hero (h5.0.0.1949+; build 20220215+) and (h4.5.4.1951; build 20220218+), as well as QTS (5.0.0.1986; build 20220324+) and (4.5.4.1991; build 20220329+). Root cause described as an open red...
CVE-2021-44053
CVE-2021-44053 is a cross-site scripting (XSS) vulnerability affecting QNAP devices running QTS, QuTS hero, and QuTScloud. The issue allows remote attackers to inject malicious code. Fixed in QTS 4.5.4.1991 build 20220329 and later, QTS 5.0.0.1986 build 20220324 and later, QuTS hero h5.0.0.1986 b...
CVE-2024-21900
The CVE-2024-21900 entry describes an injection vulnerability affecting several QNAP operating system versions. Authenticated users could potentially execute commands over the network due to the underlying injection flaw. Affected product families include QTS, QuTS hero, and QuTScloud. Remediatio...
CVE-2021-28806
CVE-2021-28806 is a DOM-based XSS affecting QNAP NAS UI components in QTS and QuTS hero. Affected: QTS before 4.5.3.1652 Build 20210428; QuTS hero before h4.5.2.1638 Build 20210414; QuTScloud before c4.5.5.1656 Build 20210503. Not affecting QTS 4.3.6/4.3.3. Root cause: DOM-based XSS in web interf...
CVE-2021-28816
CVE-2021-28816 is a stack-based buffer overflow affecting QNAP QTS, QuTScloud, and QuTS hero. The vulnerability could allow arbitrary code execution if exploited. Affected QTS/QuTS versions fixed include QTS 4.5.4.1715 build 20210630 and later, QTS 5.0.0.1716 build 20210701 and later, QTS 4.3.3.1...
CVE-2021-44052
CVE-2021-44052 affects QNAP devices running QuTScloud, QuTS hero, and QTS. It is an improper link resolution before file access ("link following") vulnerability that could allow remote attackers to traverse the file system and read or overwrite files in unintended locations. Affected components a...
CVE-2018-19942
CVE-2018-19942 is a cross-site scripting (XSS) vulnerability affecting earlier versions of QNAP File Station. The included sources indicate the flaw was fixed in multiple product lines and versions, including QTS 4.5.2.1566 and later, QTS 4.5.1.1456 and later, QTS 4.3.6.1446 and later, QTS 4.3.4....
CVE-2021-38674
CVE-2021-38674 is an XSS vulnerability affecting QTS, QuTS hero, and QuTScloud. Publicly documented vulnerable components include the QTS/QTS hero/QuTScloud web interfaces, with remote attacker exploitation enabling injection of malicious code. The NVD/NVD-derived entries list fixes in QTS 4.5.4....
CVE-2021-34343
CVE-2021-34343 describes a stack buffer overflow affecting QNAP devices running QTS, QuTScloud, and QuTS hero . The vulnerability could allow an attacker to execute arbitrary code. Affected releases have been fixed in: QTS 4.5.4.1715 build 20210630 and later , QTS 5.0.0.1716 build 20210701 and la...
CVE-2018-19941
CVE-2018-19941 affects QNAP NAS devices, enabling an attacker to read sensitive information stored in cleartext cookies. Concrete details in connected sources show the affected products and fixed versions: QTS 4.5.1.1456 build 20201015 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later)...
CVE-2018-19957
CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...
CVE-2023-39301
CVE-2023-39301 describes an SSRF vulnerability affecting QNAP QTS/QTS Hero/QTScloud, allowing authenticated users to read application data over the network. Affected products include QTS (versions prior to 5.0.1.2514 and 5.1.1.2491+), QuTS hero (h5.0.1.2515 and h5.1.1.2488+), and QuTScloud (c5.1....