Qnap Qunetswitch vulnerabilities

5 known vulnerabilities affecting qnap/qunetswitch.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2026-22897HIGHCVSS 8.1≥ 2.0.1.13077, < 2.0.4.04152026-03-20
CVE-2026-22897 [HIGH] CWE-78 CVE-2026-22897: A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.4.0415 and later
nvd
CVE-2026-22902MEDIUMCVSS 5.7≤ 2.0.5.09062026-03-20
CVE-2026-22902 [MEDIUM] CWE-78 CVE-2026-22902: A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later
nvd
CVE-2026-22900MEDIUMCVSS 6.8≥ 2.0.1.13077, < 2.0.5.09062026-03-20
CVE-2026-22900 [MEDIUM] CWE-798 CVE-2026-22900: A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote at A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later
nvd
CVE-2026-22901MEDIUMCVSS 6.3≥ 2.0.1.13077, ≤ 2.0.5.09062026-03-20
CVE-2026-22901 [MEDIUM] CWE-78 CVE-2026-22901: A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gain A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later
nvd
CVE-2021-28813HIGHCVSS 7.5fixed in 1.0.6.15092021-09-10
CVE-2021-28813 [CRITICAL] CWE-259 CVE-2021-28813: A vulnerability involving insecure storage of sensitive information has been reported to affect QSW- A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism.We have already fixed this vulnerability in the following versi
nvd