Qnap Qts vulnerabilities
272 known vulnerabilities affecting qnap/qts.
Total CVEs
272
CISA KEV
7
actively exploited
Public exploits
7
Exploited in wild
10
Severity breakdown
CRITICAL39HIGH90MEDIUM106LOW37
Vulnerabilities
Page 6 of 14
CVE-2024-37049MEDIUMCVSS 5.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-37049 [MEDIUM] CWE-120 CVE-2024-37049: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
Qu
nvd
CVE-2024-37045MEDIUMCVSS 5.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-37045 [MEDIUM] CWE-476 CVE-2024-37045: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 an
nvd
CVE-2024-37047MEDIUMCVSS 5.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-37047 [MEDIUM] CWE-120 CVE-2024-37047: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
Qu
nvd
CVE-2024-37046LOWCVSS 2.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-37046 [LOW] CWE-22 CVE-2024-37046: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
nvd
CVE-2024-50398LOWCVSS 2.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-50398 [LOW] CWE-134 CVE-2024-50398: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
nvd
CVE-2024-50399LOWCVSS 2.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-50399 [LOW] CWE-134 CVE-2024-50399: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
nvd
CVE-2024-50400LOWCVSS 2.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-50400 [LOW] CWE-134 CVE-2024-50400: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
nvd
CVE-2024-50401LOWCVSS 2.1v5.2.0.2737v5.2.0.2744+5 more2024-11-22
CVE-2024-50401 [LOW] CWE-134 CVE-2024-50401: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 2
nvd
CVE-2024-21898HIGHCVSS 8.8v5.1.0.2348v5.1.0.2399+9 more2024-09-06
CVE-2024-21898 [HIGH] CWE-78 CVE-2024-21898: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and l
nvd
CVE-2024-38641HIGHCVSS 7.3v5.1.0.2348v5.1.0.2399+11 more2024-09-06
CVE-2024-38641 [HIGH] CWE-77 CVE-2024-38641: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 202
nvd
CVE-2023-34979HIGHCVSS 7.2v4.5.4.1715v4.5.4.1723+11 more2024-09-06
CVE-2023-34979 [HIGH] CWE-78 CVE-2023-34979: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 2024
nvd
CVE-2023-39300HIGHCVSS 7.2v4.3.6.0895v4.3.6.0907+62 more2024-09-06
CVE-2023-39300 [HIGH] CWE-78 CVE-2023-39300: An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vuln
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build
nvd
CVE-2023-39298HIGHCVSS 7.8v5.1.0.2348v5.1.0.2399+14 more2024-09-06
CVE-2023-39298 [HIGH] CWE-862 CVE-2023-39298: A missing authorization vulnerability has been reported to affect several QNAP operating system vers
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud, is not affected.
We have already fixed the vulnerability in the
nvd
CVE-2023-51367HIGHCVSS 8.8v5.1.0.2348v5.1.0.2399+9 more2024-09-06
CVE-2023-51367 [HIGH] CWE-120 CVE-2023-51367: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 a
nvd
CVE-2023-34974HIGHCVSS 8.8v4.5.4.1715v4.5.4.1723+11 more2024-09-06
CVE-2023-34974 [HIGH] CWE-78 CVE-2023-34974: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.
nvd
CVE-2024-21903MEDIUMCVSS 4.7v5.1.0.2348v5.1.0.2399+9 more2024-09-06
CVE-2024-21903 [MEDIUM] CWE-77 CVE-2024-21903: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20
nvd
CVE-2024-21906MEDIUMCVSS 4.7v5.1.0.2348v5.1.0.2399+11 more2024-09-06
CVE-2024-21906 [MEDIUM] CWE-78 CVE-2024-21906: An OS command injection vulnerability has been reported to affect several QNAP operating system vers
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20
nvd
CVE-2024-32763MEDIUMCVSS 5.3v5.1.0.2348v5.1.0.2399+11 more2024-09-06
CVE-2024-32763 [MEDIUM] CWE-120 CVE-2024-32763: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823
nvd
CVE-2023-51368MEDIUMCVSS 6.5v5.1.0.2348v5.1.0.2399+9 more2024-09-06
CVE-2023-51368 [MEDIUM] CWE-476 CVE-2023-51368: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 buil
nvd
CVE-2024-21904MEDIUMCVSS 6.5v5.1.0.2348v5.1.0.2399+10 more2024-09-06
CVE-2024-21904 [MEDIUM] CWE-22 CVE-2024-21904: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.
nvd