Qnap Quts Hero vulnerabilities
223 known vulnerabilities affecting qnap/quts_hero.
Total CVEs
223
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL11HIGH80MEDIUM93LOW39
Vulnerabilities
Page 4 of 12
CVE-2025-52433MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-52433 [MEDIUM] CWE-476 CVE-2025-52433: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
nvd
CVE-2025-48730MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+12 more2025-10-03
CVE-2025-48730 [MEDIUM] CWE-134 CVE-2025-48730: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
nvd
CVE-2025-30264HIGHCVSS 7.7vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30264 [HIGH] CWE-77 CVE-2025-30264: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20
nvd
CVE-2025-30273HIGHCVSS 7.1vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30273 [HIGH] CWE-787 CVE-2025-30273: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build
nvd
CVE-2025-30267MEDIUMCVSS 5.3vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30267 [MEDIUM] CWE-476 CVE-2025-30267: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS he
nvd
CVE-2025-33032MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-33032 [MEDIUM] CWE-22 CVE-2025-33032: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
QTS 5.2.5.3145 build 20250526 and la
nvd
CVE-2025-30270MEDIUMCVSS 5.3vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30270 [MEDIUM] CWE-22 CVE-2025-30270: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS
nvd
CVE-2025-30274MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30274 [MEDIUM] CWE-476 CVE-2025-30274: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
nvd
CVE-2025-30271MEDIUMCVSS 5.3vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30271 [MEDIUM] CWE-22 CVE-2025-30271: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS
nvd
CVE-2025-29882MEDIUMCVSS 5.3vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-29882 [MEDIUM] CWE-476 CVE-2025-29882: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS he
nvd
CVE-2025-30272MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30272 [MEDIUM] CWE-476 CVE-2025-30272: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
nvd
CVE-2025-30268MEDIUMCVSS 5.3vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30268 [MEDIUM] CWE-476 CVE-2025-30268: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS he
nvd
CVE-2025-30265LOWCVSS 2.3vh5.2.0.2737vh5.2.0.2782+11 more2025-08-29
CVE-2025-30265 [LOW] CWE-120 CVE-2025-30265: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build
nvd
CVE-2025-22481HIGHCVSS 8.7vh5.2.0.2737vh5.2.0.2782+10 more2025-06-06
CVE-2025-22481 [HIGH] CWE-77 CVE-2025-22481: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3079 bu
nvd
CVE-2024-56805MEDIUMCVSS 5.3vh5.2.0.2737vh5.2.0.2782+10 more2025-06-06
CVE-2024-56805 [MEDIUM] CWE-120 CVE-2024-56805: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3
nvd
CVE-2024-13086HIGHCVSS 7.5≥ h5.0.0, < h5.2.0.28512025-03-07
CVE-2024-13086 [HIGH] CWE-200 CVE-2024-13086: An exposure of sensitive information vulnerability has been reported to affect product. If exploited
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
nvd
CVE-2024-53693HIGHCVSS 7.1vh5.2.0.2737vh5.2.0.2782+8 more2025-03-07
CVE-2024-53693 [HIGH] CWE-93 CVE-2024-53693: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20
nvd
CVE-2024-53696MEDIUMCVSS 5.1≥ h4.5.0, < h4.5.4.24762025-03-07
CVE-2024-53696 [MEDIUM] CWE-918 CVE-2024-53696: A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If expl
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0
nvd
CVE-2024-53692MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+8 more2025-03-07
CVE-2024-53692 [MEDIUM] CWE-77 CVE-2024-53692: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.
nvd
CVE-2024-50405MEDIUMCVSS 5.1vh5.2.0.2737vh5.2.0.2782+8 more2025-03-07
CVE-2024-50405 [MEDIUM] CWE-93 CVE-2024-50405: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.30
nvd