cbcvebase.

Qnap Systems Inc Qts vulnerabilities

249 known vulnerabilities affecting qnap_systems_inc/qts.

Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3

Vulnerabilities

Page 1 of 13
CVE-2020-2509P1CRITICALCVSS 9.8KEVPoCRansomware≥ unspecified, < 4.5.2.1566 Build 20210202≥ unspecified, < 4.5.1.1495 Build 20201123+4 more2021-04-17
CVE-2020-2509 [CRITICAL] CWE-77 CVE-2020-2509: A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620
nvd
CVE-2018-19949P1CRITICALCVSS 9.8KEVRansomware≥ unspecified, < 4.4.2.1231≥ unspecified, < 4.4.1.1201+4 more2020-10-28
CVE-2018-19949 [CRITICAL] CWE-20 CVE-2018-19949: If exploited, this command injection vulnerability could allow remote attackers to run arbitrary com If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6
nvd
CVE-2018-19953P1MEDIUMCVSS 6.1KEVRansomware≥ unspecified, < 4.4.2.1231≥ unspecified, < 4.4.1.1201+4 more2020-10-28
CVE-2018-19953 [MEDIUM] CWE-79 CVE-2018-19953: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicio If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6
nvd
CVE-2018-19943P1MEDIUMCVSS 5.4KEVRansomware≥ unspecified, < 4.4.2.1270≥ unspecified, < 4.4.1.1261+4 more2020-10-28
CVE-2018-19943 [MEDIUM] CWE-79 CVE-2018-19943: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicio If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 b
nvd
CVE-2023-47218P1HIGHCVSS 8.3ExploitedPoC≥ 5.1.x, < 5.1.5.2645 build 202401162024-02-13
CVE-2023-47218 [HIGH] CWE-77 CVE-2023-47218: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTSclou
nvd
CVE-2024-27130P1HIGHCVSS 8.8ExploitedPoC≥ 5.1.x, < 5.1.7.2770 build 202405202024-05-21
CVE-2024-27130 [HIGH] CWE-120 CVE-2024-27130: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 an
nvd
CVE-2024-21899P1CRITICALCVSS 9.8Exploited≥ 5.1.x, < 5.1.3.2578 build 20231110≥ 4.5.x, < 4.5.4.2627 build 202312252024-03-08
CVE-2024-21899 [CRITICAL] CWE-287 CVE-2024-21899: An improper authentication vulnerability has been reported to affect several QNAP operating system v An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231
nvd
CVE-2020-36195P1CRITICALCVSS 9.8ExploitedRansomware≥ unspecified, < 4.3.3.1624 Build 20210416≥ unspecified, < 4.3.6.1620 Build 202103222021-04-17
CVE-2020-36195 [CRITICAL] CWE-20 CVE-2020-36195: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or th An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3:
nvd
CVE-2023-50358P1MEDIUMCVSS 5.8Exploited≥ 5.x, < 5.1.5.2645 build 20240116≥ 4.5.x, 4.4.x, < 4.5.4.2627 build 20231225+4 more2024-02-13
CVE-2023-50358 [MEDIUM] CWE-78 CVE-2023-50358: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.266
nvd
CVE-2023-39296P2HIGHCVSS 7.5Exploited≥ 5.1.x, < 5.1.3.2578 build 202311102024-01-05
CVE-2023-39296 [HIGH] CWE-1321 CVE-2023-39296: A prototype pollution vulnerability has been reported to affect several QNAP operating system versio A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 bui
nvd
CVE-2023-23368P1CRITICALCVSS 9.8≥ 5.0.x, < 5.0.1.2376 build 20230421≥ 4.5.x, < 4.5.4.2374 build 202304162023-11-03
CVE-2023-23368 [CRITICAL] CWE-78 CVE-2023-23368: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h
nvd
CVE-2023-23369P2CRITICALCVSS 9.8≥ 5.1.x, < 5.1.0.2399 build 20230515≥ 4.3.6, < 4.3.6.2441 build 20230621+3 more2023-11-03
CVE-2023-23369 [CRITICAL] CWE-77 CVE-2023-23369: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) a
nvd
CVE-2024-32766P2CRITICALCVSS 10.0≥ 5.1.x, < 5.1.3.2578 build 20231110≥ 4.5.x, < 4.5.4.2627 build 202312252024-04-26
CVE-2024-32766 [CRITICAL] CWE-77 CVE-2024-32766: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h
nvd
CVE-2025-59385P2CRITICALCVSS 9.8≥ 5.2.x, < 5.2.7.3297 build 202510242025-12-16
CVE-2025-59385 [CRITICAL] CWE-290 CVE-2025-59385: An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operatin An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentication. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build
nvd
CVE-2024-53691P2HIGHCVSS 8.8≥ 5.1.x, < 5.1.8.2823 build 20240712≥ 5.2.x, < 5.2.0.2802 build 202406202024-12-06
CVE-2024-53691 [HIGH] CWE-59 CVE-2024-53691: A link following vulnerability has been reported to affect several QNAP operating system versions. I A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5
nvd
CVE-2024-50393P2CRITICALCVSS 9.8≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-50393 [CRITICAL] CWE-78 CVE-2024-50393: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS her
nvd
CVE-2025-62849P2CRITICALCVSS 9.8≥ 5.2.x, < 5.2.7.3297 build 202510242025-12-16
CVE-2025-62849 [CRITICAL] CWE-89 CVE-2025-62849: An SQL injection vulnerability has been reported to affect several QNAP operating system versions. T An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and later QuTS hero h5.2.7.3297 build 20251024 and late
nvd
CVE-2023-51364P2HIGHCVSS 7.5≥ 5.1.x, < 5.1.4.2596 build 20231128≥ 4.5.x, < 4.5.4.2627 build 202312252024-04-26
CVE-2023-51364 [HIGH] CWE-22 CVE-2023-51364: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627
nvd
CVE-2023-45025P2CRITICALCVSS 9.8≥ 5.1.x, < 5.1.4.2596 build 20231128≥ 4.5.x, < 4.5.4.2627 build 202312252024-02-02
CVE-2023-45025 [CRITICAL] CWE-77 CVE-2023-45025: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h
nvd
CVE-2025-66277P2CRITICALCVSS 9.8≥ 5.2.x, < 5.2.8.3350 build 202512162026-02-11
CVE-2025-66277 [CRITICAL] CWE-59 CVE-2025-66277: A link following vulnerability has been reported to affect several QNAP operating system versions. T A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3350 build 20251216 and later QuTS hero h5.3.2.3354 build 202512
nvd
1 / 13Next →
Qnap Systems Inc Qts vulnerabilities | cvebase