Qnap Systems Inc Qts vulnerabilities
237 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs
237
CISA KEV
4
actively exploited
Public exploits
1
Exploited in wild
5
Severity breakdown
CRITICAL17HIGH86MEDIUM98LOW36
Vulnerabilities
Page 3 of 12
CVE-2025-52432MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52432 [MEDIUM] CWE-476 CVE-2025-52432: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-47213MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-47213 [MEDIUM] CWE-476 CVE-2025-47213: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52427MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52427 [MEDIUM] CWE-476 CVE-2025-52427: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48729MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-48729 [MEDIUM] CWE-476 CVE-2025-48729: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48726MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-48726 [MEDIUM] CWE-476 CVE-2025-48726: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52854MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52854 [MEDIUM] CWE-476 CVE-2025-52854: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52866MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52866 [MEDIUM] CWE-476 CVE-2025-52866: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52855MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52855 [MEDIUM] CWE-476 CVE-2025-52855: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48728MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-48728 [MEDIUM] CWE-476 CVE-2025-48728: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52429MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52429 [MEDIUM] CWE-134 CVE-2025-52429: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-48730MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-48730 [MEDIUM] CWE-134 CVE-2025-48730: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-47214MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-47214 [MEDIUM] CWE-476 CVE-2025-47214: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52428MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52428 [MEDIUM] CWE-476 CVE-2025-52428: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48727MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-48727 [MEDIUM] CWE-476 CVE-2025-48727: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-47211MEDIUMCVSS 6.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-47211 [MEDIUM] CWE-22 CVE-2025-47211: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and l
cvelistv5nvd
CVE-2025-52853MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52853 [MEDIUM] CWE-476 CVE-2025-52853: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-53406MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-53406 [MEDIUM] CWE-134 CVE-2025-53406: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-52859MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-52859 [MEDIUM] CWE-476 CVE-2025-52859: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-53407MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-53407 [MEDIUM] CWE-134 CVE-2025-53407: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-30264HIGHCVSS 7.7≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30264 [HIGH] CWE-77 CVE-2025-30264: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20
cvelistv5nvd