cbcvebase.

Qnap Systems Inc Qts vulnerabilities

249 known vulnerabilities affecting qnap_systems_inc/qts.

Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3

Vulnerabilities

Page 3 of 13
CVE-2024-27129P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.7.2770 build 202405202024-05-21
CVE-2024-27129 [HIGH] CWE-120 CVE-2024-27129: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 bui
nvd
CVE-2024-27128P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.7.2770 build 202405202024-05-21
CVE-2024-27128 [HIGH] CWE-120 CVE-2024-27128: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 bui
nvd
CVE-2024-32763P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.8.2823 build 202407122024-09-06
CVE-2024-32763 [HIGH] CWE-120 CVE-2024-32763: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 bu
nvd
CVE-2023-23363P3CRITICALCVSS 9.8≥ 4.3.*, < 4.3.6.2441 build 20230621≥ 4.3.*, < 4.3.3.2420 build 20230621+2 more2023-09-22
CVE-2023-23363 [CRITICAL] CWE-120 CVE-2023-23363: A buffer copy without checking size of input vulnerability has been reported to affect QNAP operatin A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621
nvd
CVE-2024-27127P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.7.2770 build 202405202024-05-21
CVE-2024-27127 [HIGH] CWE-415 CVE-2024-27127: A double free vulnerability has been reported to affect several QNAP operating system versions. If e A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and late
nvd
CVE-2024-50397P3HIGHCVSS 8.8≥ 5.2.x, < 5.2.1.2930 build 202410252024-11-22
CVE-2024-50397 [HIGH] CWE-134 CVE-2024-50397: A use of externally-controlled format string vulnerability has been reported to affect several QNAP A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025
nvd
CVE-2021-28816P3HIGHCVSS 8.8≥ unspecified, < 4.5.4.1715 build 20210630≥ unspecified, < 5.0.0.1716 build 20210701+2 more2021-09-10
CVE-2021-28816 [HIGH] CWE-787 CVE-2021-28816: A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero: QTS 4.5.4.1715 build 20210630 and later QTS 5.0.0.1716 build 20210
nvd
CVE-2023-47568P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.5.2645 build 20240116≥ 4.5.x, < 4.5.4.2627 build 202312252024-02-02
CVE-2023-47568 [HIGH] CWE-89 CVE-2023-47568: A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS
nvd
CVE-2023-51367P3HIGHCVSS 8.8≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2023-51367 [HIGH] CWE-120 CVE-2023-51367: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 a
nvd
CVE-2025-47212P3HIGHCVSS 7.2≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-47212 [HIGH] CWE-78 CVE-2025-47212: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and later QuTS hero h5.2.6.319
nvd
CVE-2025-66279P3HIGHCVSS 7.2≥ 5.2.0, < 5.2.9.3410 build 202602142026-06-10
CVE-2025-66279 [HIGH] CWE-78 CVE-2025-66279: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.341
nvd
CVE-2025-66273P3HIGHCVSS 7.2≥ 5.2.0, < 5.2.9.3410 build 202602142026-06-10
CVE-2025-66273 [HIGH] CWE-78 CVE-2025-66273: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.341
nvd
CVE-2026-22893P3HIGHCVSS 7.2≥ 5.2.0, < 5.2.9.3410 build 202602142026-06-10
CVE-2026-22893 [HIGH] CWE-78 CVE-2026-22893: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.341
nvd
CVE-2025-66276P3CRITICALCVSS 9.8≥ 5.2.0, < 5.2.7.3256 build 202509132026-06-10
CVE-2025-66276 [CRITICAL] CVE-2025-66276: QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5. QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
nvd
CVE-2026-24719P3HIGHCVSS 7.2≥ 5.2.0, < 5.2.9.3492 build 202605072026-06-10
CVE-2026-24719 [HIGH] CWE-78 CVE-2026-24719: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3492 build 20260507 and later QuTS hero h5.2.9.349
nvd
CVE-2018-19945P3CRITICALCVSS 9.1≥ unspecified, < 4.3.6.0895≥ unspecified, < 4.3.4.08992020-12-31
CVE-2018-19945 [CRITICAL] CWE-20 CVE-2018-19945: A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 2019
nvd
CVE-2020-2490P3HIGHCVSS 7.2≥ unspecified, < 4.4.3.14212020-11-16
CVE-2020-2490 [HIGH] CWE-77 CVE-2020-2490: If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
nvd
CVE-2024-14026P3HIGHCVSS 7.8≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.3.3006 build 202501082026-03-11
CVE-2024-14026 [HIGH] CWE-78 CVE-2024-14026: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and
nvd
CVE-2025-30273P3HIGHCVSS 8.1≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30273 [HIGH] CWE-787 CVE-2025-30273: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build
nvd
CVE-2020-2492P3HIGHCVSS 7.2≥ unspecified, < 4.4.3.14212020-11-16
CVE-2020-2492 [HIGH] CWE-77 CVE-2020-2492: If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
nvd
Qnap Systems Inc Qts vulnerabilities | cvebase