cbcvebase.

Qnap Systems Inc Qts vulnerabilities

249 known vulnerabilities affecting qnap_systems_inc/qts.

Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3

Vulnerabilities

Page 2 of 13
CVE-2023-51365P2HIGHCVSS 7.5≥ 5.1.x, < 5.1.4.2596 build 20231128≥ 4.5.x, < 4.5.4.2627 build 202312252024-04-26
CVE-2023-51365 [HIGH] CWE-22 CVE-2023-51365: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627
nvd
CVE-2025-30264P2HIGHCVSS 8.8≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30264 [HIGH] CWE-77 CVE-2025-30264: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20
nvd
CVE-2025-22481P2HIGHCVSS 8.8≥ 5.2.x, < 5.2.4.3079 build 202503212025-06-06
CVE-2025-22481 [HIGH] CWE-77 CVE-2025-22481: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 bu
nvd
CVE-2021-28804P2CRITICALCVSS 9.8≥ unspecified, < 4.5.1.1540 build 202101072021-07-01
CVE-2021-28804 [CRITICAL] CWE-78 CVE-2021-28804: A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, th A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210
nvd
CVE-2021-28802P2CRITICALCVSS 9.8≥ unspecified, < 4.5.1.1540 build 202101072021-07-01
CVE-2021-28802 [CRITICAL] CWE-78 CVE-2021-28802: A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, th A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210
nvd
CVE-2019-7198P2CRITICALCVSS 9.8fixed in 4.5.1.1456fixed in 4.4.3.13542020-12-10
CVE-2019-7198 [CRITICAL] CWE-77 CVE-2019-7198: This command injection vulnerability allows attackers to execute arbitrary commands in a compromised This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later
nvd
CVE-2023-34974P2HIGHCVSS 8.8≥ 4.5.x, < 4.5.4.2790 build 202406052024-09-06
CVE-2023-34974 [HIGH] CWE-78 CVE-2023-34974: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.
nvd
CVE-2022-27596P2CRITICALCVSS 9.8≥ 5.0.1, < 5.0.1.2234 build 202212012023-01-30
CVE-2022-27596 [CRITICAL] CWE-89 CVE-2022-27596: A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this v A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later
nvd
CVE-2021-28800P2CRITICALCVSS 9.8≥ unspecified, < 4.3.6.1663 Build 20210504≥ unspecified, < 4.3.3.1624 Build 202104162021-06-24
CVE-2021-28800 [CRITICAL] CWE-78 CVE-2021-28800: A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QT A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.3.6.1663 Build 20210504; versions prior to 4.3.3.1624 Build 20210416. This
nvd
CVE-2023-39303P2CRITICALCVSS 9.8≥ 5.1.x, < 5.1.3.2578 build 202311102024-02-02
CVE-2023-39303 [CRITICAL] CWE-287 CVE-2023-39303: An improper authentication vulnerability has been reported to affect several QNAP operating system v An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 buil
nvd
CVE-2021-44051P2HIGHCVSS 8.8≥ unspecified, < 5.0.0.1986 build 202203242022-05-05
CVE-2021-44051 [HIGH] CWE-77 CVE-2021-44051: A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20
nvd
CVE-2024-48859P2CRITICALCVSS 9.1≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-48859 [CRITICAL] CWE-287 CVE-2024-48859: An improper authentication vulnerability has been reported to affect several QNAP operating system v An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114
nvd
CVE-2023-39297P2HIGHCVSS 8.8≥ 5.1.x, < 5.1.4.2596 build 20231128≥ 4.5.x, < 4.5.4.2627 build 202312252024-02-02
CVE-2023-39297 [HIGH] CWE-78 CVE-2023-39297: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later Q
nvd
CVE-2024-21898P2HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2024-21898 [HIGH] CWE-78 CVE-2024-21898: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and l
nvd
CVE-2020-25847P2HIGHCVSS 8.8≥ unspecified, < 4.5.1.1495≥ unspecified, ≤ 4.4.3.14442020-12-29
CVE-2020-25847 [HIGH] CWE-77 CVE-2020-25847: This command injection vulnerability allows attackers to execute arbitrary commands in a compromised This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
nvd
CVE-2023-23362P2HIGHCVSS 8.8≥ 5.0.*, < 5.0.1.2376 build 20230421≥ 4.5.*, < 4.5.4.2374 build 202304162023-09-22
CVE-2023-23362 [HIGH] CWE-78 CVE-2023-23362: An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploit An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later
nvd
CVE-2023-34975P2HIGHCVSS 8.8≥ 4.5.x, < 4.5.4.2627 build 202312252023-10-13
CVE-2023-34975 [HIGH] CWE-78 CVE-2023-34975: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and late
nvd
CVE-2023-50364P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-04-26
CVE-2023-50364 [HIGH] CWE-120 CVE-2023-50364: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 bu
nvd
CVE-2023-50361P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-04-26
CVE-2023-50361 [HIGH] CWE-120 CVE-2023-50361: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 bu
nvd
CVE-2023-50362P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-04-26
CVE-2023-50362 [HIGH] CWE-120 CVE-2023-50362: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 bu
nvd
Qnap Systems Inc Qts vulnerabilities | cvebase