QNAP QTS vulnerabilities
272 known vulnerabilities affecting qnap/qts.
Total CVEs: 272
CISA KEV: 7 (actively exploited)
Public exploits: 8
Exploited in wild: 10
Severity breakdown: CRITICAL 39, HIGH 90, MEDIUM 106, LOW 37
Vulnerabilities
Page 10 of 14
CVE-2023-39296 | HIGH | CVSS 7.5 | CWE-1321 | v5.1.0.2348, v5.1.0.2399, +5 more | 2024-01-05
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 bui
nvd
CVE-2023-32968 | HIGH | CVSS 7.2 | CWE-120 | v5.1.0.2348, v5.1.0.2399, +17 more | 2023-12-08
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533
nvd
CVE-2023-32975 | HIGH | CVSS 7.2 | CWE-120 | v5.1.0.2348, v5.1.0.2399, +17 more | 2023-12-08
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533
nvd
CVE-2023-23372 | MEDIUM | CVSS 6.1 | CWE-79 | v5.1.0.2348, v5.1.0.2399, +24 more | 2023-12-08
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS
nvd
CVE-2023-23367 | HIGH | CVSS 7.2 | CWE-78 | v5.0.0.1716, v5.0.0.1785, +18 more | 2023-11-10
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 2023
nvd
CVE-2023-23368 | CRITICAL | CVSS 9.8 | CWE-78 | v5.0.1, v5.0.1.2034, +21 more | 2023-11-03
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h
nvd
CVE-2023-23369 | CRITICAL | CVSS 9.8 | CWE-77 | v5.1.0.2348, v4.3.6.0895, +57 more | 2023-11-03
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) a
nvd
CVE-2023-39301 | MEDIUM | CVSS 4.3 | CWE-918 | fixed in 5.1.1.2491; fixed in 5.0.1.2514 | 2023-11-03
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build
nvd
CVE-2023-32973 | HIGH | CVSS 7.2 | CWE-120 | ≥ 4.5.1, < 4.5.4.2467; ≥ 5.0.0.1716, < 5.0.1.2425; +1 more | 2023-10-13
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2023-32974 | HIGH | CVSS 7.5 | CWE-22 | ≥ 5.1.0, < 5.1.0.2444 | 2023-10-13
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.
nvd
CVE-2023-32970 | MEDIUM | CVSS 4.9 | CWE-476 | ≥ 4.5.1, < 4.5.4.2467; ≥ 5.0.0.1716, < 5.0.1.2425; +1 more | 2023-10-13
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.0.1.2515
nvd
CVE-2023-32971 | HIGH | CVSS 7.2 | CWE-120 | ≥ 4.5.0, < 4.5.4.2467; ≥ 5.0.0, < 5.0.1.2425; +1 more | 2023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2023-32972 | HIGH | CVSS 7.2 | CWE-120 | ≥ 4.5.0, < 4.5.4.2467; ≥ 5.0.0, < 5.0.1.2425; +1 more | 2023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2023-23363 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 4.3.3, < 4.3.3.2420; ≥ 4.3.4, < 4.3.4.245; +1 more | 2023-09-22
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.3.2420 build 20230621
nvd
CVE-2023-23362 | HIGH | CVSS 8.8 | CWE-78 | ≥ 4.5.4, < 4.5.4.2374; ≥ 5.0.1, < 5.0.1.2376 | 2023-09-22
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
nvd
CVE-2023-34971 | HIGH | CVSS 8.8 | CWE-326 | ≥ 4.5.4, < 4.5.4.2467; ≥ 5.0.1, < 5.0.1.2425; +1 more | 2023-08-24
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5
nvd
CVE-2023-34972 | MEDIUM | CVSS 6.5 | CWE-319 | ≥ 5.0.1, < 5.0.1.2425; ≥ 5.1.0, < 5.1.0.2444 | 2023-08-24
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 2
nvd
CVE-2023-34973 | MEDIUM | CVSS 5.3 | CWE-331 | ≥ 5.0.1, < 5.0.1.2425; ≥ 5.1.0, < 5.1.0.2444 | 2023-08-24
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QuTS hero
nvd
CVE-2023-23355 | HIGH | CVSS 7.2 | CWE-77 | fixed in 5.0.1.2346 | 2023-03-29
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.
nvd
CVE-2022-27598 | LOW | CVSS 2.7 | CWE-125 | fixed in 5.0.1.2346 | 2023-03-29
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the followin
nvd