Qnap Systems Inc Qts vulnerabilities
237 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs
237
CISA KEV
4
actively exploited
Public exploits
1
Exploited in wild
5
Severity breakdown
CRITICAL17HIGH86MEDIUM98LOW36
Vulnerabilities
Page 4 of 12
CVE-2025-30273HIGHCVSS 7.1≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30273 [HIGH] CWE-787 CVE-2025-30273: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build
cvelistv5nvd
CVE-2025-30274MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30274 [MEDIUM] CWE-476 CVE-2025-30274: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
cvelistv5nvd
CVE-2025-30267MEDIUMCVSS 5.3≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30267 [MEDIUM] CWE-476 CVE-2025-30267: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS he
cvelistv5nvd
CVE-2025-33032MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-33032 [MEDIUM] CWE-22 CVE-2025-33032: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
QTS 5.2.5.3145 build 20250526 and la
cvelistv5nvd
CVE-2025-30272MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30272 [MEDIUM] CWE-476 CVE-2025-30272: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
cvelistv5nvd
CVE-2025-30270MEDIUMCVSS 5.3≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30270 [MEDIUM] CWE-22 CVE-2025-30270: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS
cvelistv5nvd
CVE-2025-30271MEDIUMCVSS 5.3≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30271 [MEDIUM] CWE-22 CVE-2025-30271: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS
cvelistv5nvd
CVE-2025-30268MEDIUMCVSS 5.3≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30268 [MEDIUM] CWE-476 CVE-2025-30268: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS he
cvelistv5nvd
CVE-2025-29882MEDIUMCVSS 5.3≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-29882 [MEDIUM] CWE-476 CVE-2025-29882: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS he
cvelistv5nvd
CVE-2025-30265LOWCVSS 2.3≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30265 [LOW] CWE-120 CVE-2025-30265: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build
cvelistv5nvd
CVE-2025-22481HIGHCVSS 8.7≥ 5.2.x, < 5.2.4.3079 build 202503212025-06-06
CVE-2025-22481 [HIGH] CWE-77 CVE-2025-22481: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3079 bu
cvelistv5nvd
CVE-2024-56805MEDIUMCVSS 5.3≥ 5.2.x, < 5.2.4.3079 build 202503212025-06-06
CVE-2024-56805 [MEDIUM] CWE-120 CVE-2024-56805: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions.
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.4.3079 build 20250321 and later
QuTS hero h5.2.4.3
cvelistv5nvd
CVE-2024-13086HIGHCVSS 7.5≥ 5.x, < QTS 5.2.0.2851 build 202408082025-03-07
CVE-2024-13086 [HIGH] CWE-200 CVE-2024-13086: An exposure of sensitive information vulnerability has been reported to affect product. If exploited
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
cvelistv5nvd
CVE-2024-53693HIGHCVSS 7.1≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-53693 [HIGH] CWE-93 CVE-2024-53693: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20
cvelistv5nvd
CVE-2024-53696MEDIUMCVSS 5.1≥ 4.5.x, < 4.5.4.2957 build 202411192025-03-07
CVE-2024-53696 [MEDIUM] CWE-918 CVE-2024-53696: A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If expl
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 ( 2024/10/01 ) and later
QuLog Center 1.8.0
cvelistv5nvd
CVE-2024-53692MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-53692 [MEDIUM] CWE-77 CVE-2024-53692: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.
cvelistv5nvd
CVE-2024-50405MEDIUMCVSS 5.1≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-50405 [MEDIUM] CWE-93 CVE-2024-50405: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to a
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.30
cvelistv5nvd
CVE-2024-53698LOWCVSS 2.1≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-53698 [LOW] CWE-415 CVE-2024-53698: A double free vulnerability has been reported to affect several QNAP operating system versions. If e
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 202501
cvelistv5nvd
CVE-2024-53699LOWCVSS 2.1≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-53699 [LOW] CWE-787 CVE-2024-53699: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2
cvelistv5nvd
CVE-2024-53697LOWCVSS 2.1≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-53697 [LOW] CWE-787 CVE-2024-53697: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2
cvelistv5nvd