Qnap File Station vulnerabilities

48 known vulnerabilities affecting qnap/file_station.

Total CVEs
48
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH14MEDIUM18LOW16

Vulnerabilities

Page 2 of 3
CVE-2025-57706LOWCVSS 2.2≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-57706 [LOW] CWE-79 CVE-2025-57706: A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote a A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5018 and later
nvd
CVE-2025-53411LOWCVSS 1.2≥ 5.5.6.4691, < 5.5.6.50182025-11-07
CVE-2025-53411 [LOW] CWE-770 CVE-2025-53411: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the foll
nvd
CVE-2025-29890HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29890 [HIGH] CWE-770 CVE-2025-29890: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following ver
nvd
CVE-2025-29875HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29875 [HIGH] CWE-476 CVE-2025-29875: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29899HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29899 [HIGH] CWE-770 CVE-2025-29899: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following ver
nvd
CVE-2025-29900HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29900 [HIGH] CWE-770 CVE-2025-29900: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following ver
nvd
CVE-2025-29874MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29874 [MEDIUM] CWE-476 CVE-2025-29874: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29878MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29878 [MEDIUM] CWE-476 CVE-2025-29878: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29888MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29888 [MEDIUM] CWE-476 CVE-2025-29888: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29886MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29886 [MEDIUM] CWE-476 CVE-2025-29886: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29889MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29889 [MEDIUM] CWE-476 CVE-2025-29889: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29879MEDIUMCVSS 5.3≥ 5.5.6.4691, < 5.5.6.49072025-08-29
CVE-2025-29879 [MEDIUM] CWE-476 CVE-2025-29879: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
nvd
CVE-2025-29901HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.49332025-08-26
CVE-2025-29901 [HIGH] CWE-476 CVE-2025-29901: A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote att A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later
nvd
CVE-2025-47206HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.49332025-08-18
CVE-2025-47206 [HIGH] CWE-787 CVE-2025-47206: An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacke An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later
nvd
CVE-2025-30279HIGHCVSS 8.3≥ 5.5.6.4691, < 5.5.6.48472025-06-06
CVE-2025-30279 [HIGH] CWE-295 CVE-2025-30279: An improper certificate validation vulnerability has been reported to affect File Station 5. If a re An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
nvd
CVE-2025-29885HIGHCVSS 8.3≥ 5.5.6.4691, < 5.5.6.47912025-06-06
CVE-2025-29885 [HIGH] CWE-295 CVE-2025-29885: An improper certificate validation vulnerability has been reported to affect File Station 5. If expl An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
nvd
CVE-2025-29883HIGHCVSS 8.3≥ 5.5.6.4691, < 5.5.6.47912025-06-06
CVE-2025-29883 [HIGH] CWE-295 CVE-2025-29883: An improper certificate validation vulnerability has been reported to affect File Station 5. If expl An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
nvd
CVE-2025-22486HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.47912025-06-06
CVE-2025-22486 [HIGH] CWE-295 CVE-2025-22486: An improper certificate validation vulnerability has been reported to affect File Station 5. If expl An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
nvd
CVE-2025-29872HIGHCVSS 7.1≥ 5.5.6.4691, < 5.5.6.48472025-06-06
CVE-2025-29872 [HIGH] CWE-770 CVE-2025-29872: An allocation of resources without limits or throttling vulnerability has been reported to affect Fi An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following ver
nvd
CVE-2025-33031HIGHCVSS 8.3≥ 5.5.6.4691, < 5.5.6.48472025-06-06
CVE-2025-33031 [HIGH] CWE-295 CVE-2025-33031: An improper certificate validation vulnerability has been reported to affect File Station 5. If a re An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
nvd
← Previous2 / 3Next →