Qnap Quts Hero vulnerabilities
223 known vulnerabilities affecting qnap/quts_hero.
Total CVEs
223
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL11HIGH80MEDIUM93LOW39
Vulnerabilities
Page 3 of 12
CVE-2025-47213MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-47213 [MEDIUM] CWE-476 CVE-2025-47213: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-48726MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-48726 [MEDIUM] CWE-476 CVE-2025-48726: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52866MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52866 [MEDIUM] CWE-476 CVE-2025-52866: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-48728MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-48728 [MEDIUM] CWE-476 CVE-2025-48728: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52429MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52429 [MEDIUM] CWE-134 CVE-2025-52429: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
nvd
CVE-2025-48729MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-48729 [MEDIUM] CWE-476 CVE-2025-48729: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52427MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52427 [MEDIUM] CWE-476 CVE-2025-52427: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-47214MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-47214 [MEDIUM] CWE-476 CVE-2025-47214: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52428MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52428 [MEDIUM] CWE-476 CVE-2025-52428: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-48727MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-48727 [MEDIUM] CWE-476 CVE-2025-48727: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52432MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52432 [MEDIUM] CWE-476 CVE-2025-52432: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-47211MEDIUMCVSS 6.9vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-47211 [MEDIUM] CWE-22 CVE-2025-47211: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and l
nvd
CVE-2025-52853MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52853 [MEDIUM] CWE-476 CVE-2025-52853: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52859MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52859 [MEDIUM] CWE-476 CVE-2025-52859: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52855MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52855 [MEDIUM] CWE-476 CVE-2025-52855: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52424MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52424 [MEDIUM] CWE-476 CVE-2025-52424: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-52854MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52854 [MEDIUM] CWE-476 CVE-2025-52854: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-53406MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-53406 [MEDIUM] CWE-134 CVE-2025-53406: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
nvd
CVE-2025-52857MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52857 [MEDIUM] CWE-476 CVE-2025-52857: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-53407MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-53407 [MEDIUM] CWE-134 CVE-2025-53407: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
nvd