QNAP Systems Inc QTS vulnerabilities
249 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs: 249
CISA KEV: 4 (actively exploited)
Public exploits: 3
Exploited in wild: 10
Severity breakdown: CRITICAL 22, HIGH 111, MEDIUM 113, LOW 3
Vulnerabilities
CVE-2024-50396 | P3 | HIGH | CVSS 8.8 | CWE-134 | ≥ ?, < 5.2.1.2930 build 20241025 | 2024-11-22
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2
nvd
CVE-2025-52863 | P3 | HIGH | CVSS 8.1 | CWE-120 | ≥ 5.2.x, < 5.2.7.3256 build 20250913 | 2026-01-02
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 buil
nvd
CVE-2025-52872 | P3 | HIGH | CVSS 8.1 | CWE-120 | ≥ 5.2.x, < 5.2.7.3256 build 20250913 | 2026-01-02
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 buil
nvd
CVE-2025-52864 | P3 | HIGH | CVSS 8.1 | CWE-120 | ≥ 5.2.x, < 5.2.7.3256 build 20250913 | 2026-01-02
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 20250913 and later
QuTS hero h5.2.7.3256 buil
nvd
CVE-2020-2508 | P3 | HIGH | CVSS 7.2 | CWE-77 | fixed in 4.5.1.1456 | 2021-01-11
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.
QNAP have already fixed this vulnerability in the following versions:
QTS 4.5.1.1456 build 20201015 (and later)
QuTS hero h4.5.1.1472 build 20201031 (and later)
nvd
CVE-2025-62847 | P3 | HIGH | CVSS 7.5 | CWE-88 | ≥ 5.2.x, < 5.2.7.3297 build 20251024 | 2025-12-16
An improper neutralization of argument delimiters in a command vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to alter execution logic.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.32
nvd
CVE-2025-66280 | P3 | HIGH | CVSS 7.2 | CWE-121 | ≥ 5.2.0, < 5.2.9.3410 build 20260214 | 2026-06-10
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and
nvd
CVE-2021-44052 | P3 | HIGH | CVSS 8.1 | CWE-59 | ≥ unspecified, < 4.3.4.1976 build 20220303; ≥ unspecified, < 4.3.3.1945 build 20220303; +4 more | 2022-05-05
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vul
nvd
CVE-2024-27124 | P3 | HIGH | CVSS 7.5 | CWE-78 | ≥ 5.1.x, < 5.1.3.2578 build 20231110; ≥ 4.5.x, < 4.5.4.2627 build 20231225 | 2024-04-26
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.
nvd
CVE-2024-21900 | P3 | MEDIUM | CVSS 6.5 | CWE-74 | ≥ 5.1.x, < 5.1.3.2578 build 20231110 | 2024-03-08
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuT
nvd
CVE-2023-34980 | P3 | HIGH | CVSS 8.4 | CWE-78 | ≥ 4.5.x, < 4.5.4.2627 build 20231225 | 2024-03-08
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h4.5.4.2626 build 2023
nvd
CVE-2023-50363 | P3 | HIGH | CVSS 8.1 | CWE-285 | ≥ 5.1.x, < 5.1.6.2722 build 20240402 | 2024-04-26
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2
nvd
CVE-2024-21902 | P3 | HIGH | CVSS 8.1 | CWE-200 | ≥ 5.1.x, < 5.1.7.2770 build 20240520 | 2024-05-21
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and lat
nvd
CVE-2023-39300 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 4.3.6, < 4.3.6.2805 build 20240619; ≥ 4.3.4, < 4.3.4.2814 build 20240618; +2 more | 2024-09-06
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build
nvd
CVE-2024-21905 | P3 | HIGH | CVSS 8.2 | CWE-190 | ≥ 5.1.x, < 5.1.3.2578 build 20231110 | 2024-04-26
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 b
nvd
CVE-2021-34343 | P3 | HIGH | CVSS 7.2 | CWE-787 | ≥ unspecified, < 4.5.4.1715 build 20210630; ≥ unspecified, < 5.0.0.1716 build 20210701 | 2021-09-10
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code.
We have already fixed this vulnerability in the following versions of QTS, QuTScloud, QuTS hero:
QTS 4.5.4.1715 build 20210630 and later
QTS 5.0.0.1716 build 20210
nvd
CVE-2023-23367 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 5.0.x, < 5.0.1.2376 build 20230421 | 2023-11-10
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.1.2376 build 2023
nvd
CVE-2023-47566 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 5.1.x, < 5.1.5.2645 build 20240116 | 2024-02-02
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QuTS hero h5.1.5.2647 build 2024
nvd
CVE-2025-9110 | P3 | HIGH | CVSS 7.5 | CWE-497 | ≥ 5.2.x, < 5.2.8.3332 build 20251128 | 2026-01-02
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3332 build 20251128 and later
QuTS
nvd
CVE-2023-34979 | P3 | HIGH | CVSS 7.2 | CWE-78 | ≥ 4.5.x, < 4.5.4.2790 build 20240605 | 2024-09-06
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 2024
nvd