QNAP NAS Proxy Server vulnerabilities

7 known vulnerabilities affecting qnap/nas_proxy_server.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2021-34360 | HIGH | CVSS 8.8 | ≥ 1.4.0, < 1.4.2 | ≥ 1.4.0, < 1.4.3 | 2022-05-26
CVE-2021-34360 [MEDIUM] CWE-352: A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later QuTS hero h5.0.0:
nvd
CVE-2021-34359 | MEDIUM | CVSS 5.4 | fixed in 1.4.2 | 2022-02-25
CVE-2021-34359 [MEDIUM] CWE-79: A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later
nvd
CVE-2021-34361 | MEDIUM | CVSS 6.1 | fixed in 1.4.2 | 2022-02-25
CVE-2021-34361 [MEDIUM] CWE-79: A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later
nvd
CVE-2017-7637 | CRITICAL | CVSS 9.8 | fixed in 1.3.0 | 2018-06-05
CVE-2017-7637 [CRITICAL] CWE-78: QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
nvd
CVE-2017-7635 | HIGH | CVSS 8.8 | fixed in 1.3.0 | 2018-06-05
CVE-2017-7635 [HIGH] CWE-352: QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
nvd
CVE-2017-7639 | MEDIUM | CVSS 5.3 | fixed in 1.3.0 | 2018-06-05
CVE-2017-7639 [MEDIUM] CWE-287: QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
nvd
CVE-2017-7636 | MEDIUM | CVSS 6.1 | fixed in 1.3.0 | 2018-06-05
CVE-2017-7636 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
nvd