Qnap Qvr vulnerabilities

8 known vulnerabilities affecting qnap/qvr.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH2

Vulnerabilities

Page 1 of 1
CVE-2025-52856CRITICALCVSS 9.3≥ 5.1.0, < 5.1.6v5.1.62025-08-29
CVE-2025-52856 [CRITICAL] CWE-287 CVE-2025-52856: An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
nvd
CVE-2022-27588CRITICALCVSS 9.8≤ 5.1.62022-05-05
CVE-2022-27588 [CRITICAL] CWE-77 CVE-2022-27588: We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later
nvd
CVE-2021-38685CRITICALCVSS 9.8fixed in 5.1.62021-11-26
CVE-2021-38685 [CRITICAL] CWE-78 CVE-2021-38685: A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, th A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
nvd
CVE-2021-38686HIGHCVSS 8.8fixed in 5.1.62021-11-26
CVE-2021-38686 [HIGH] CWE-287 CVE-2021-38686: An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploi An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later
nvd
CVE-2021-34352CRITICALCVSS 9.8fixed in 5.1.52021-10-01
CVE-2021-34352 [HIGH] CWE-78 CVE-2021-34352: A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later
nvd
CVE-2021-34348CRITICALCVSS 9.8fixed in 5.1.52021-09-27
CVE-2021-34348 [CRITICAL] CWE-78 CVE-2021-34348: A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
nvd
CVE-2021-34351CRITICALCVSS 9.8fixed in 5.1.52021-09-27
CVE-2021-34351 [CRITICAL] CWE-78 CVE-2021-34351: A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
nvd
CVE-2021-34349HIGHCVSS 7.2fixed in 5.1.52021-09-27
CVE-2021-34349 [HIGH] CWE-78 CVE-2021-34349: A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
nvd