QNAP Systems Inc. QTS vulnerabilities
249 known vulnerabilities affecting qnap_systems_inc/qts.
Total CVEs: 249
CISA KEV: 4 (actively exploited)
Public exploits: 3
Exploited in wild: 10
Severity breakdown: CRITICAL 22, HIGH 111, MEDIUM 113, LOW 3
Vulnerabilities
Page 7 of 13
CVE-2023-32972 | P3 | HIGH | CVSS 7.2 | CWE-120 | ≥ 5.0.x, < 5.0.1.2425 build 20230609; ≥ 5.1.x, < 5.1.0.2444 build 20230629 (+1 more) | 2023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444
nvd
CVE-2024-53699 | P3 | HIGH | CVSS 7.2 | CWE-787 | ≥ 5.2.x, < 5.2.3.3006 build 20250108 | 2025-03-07
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.
nvd
CVE-2024-53697 | P3 | HIGH | CVSS 7.2 | CWE-787 | ≥ 5.2.x, < 5.2.3.3006 build 20250108 | 2025-03-07
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.
nvd
CVE-2018-0721 | P3 | HIGH | CVSS 7.7 | CWE-120 | ≥ unspecified, ≤ 4.2.6 | 2018-11-27
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
nvd
CVE-2023-32974 | P3 | HIGH | CVSS 7.5 | CWE-22 | ≥ 5.1.x, < 5.1.0.2444 build 20230629 | 2023-10-13
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.
nvd
CVE-2025-66281 | P3 | HIGH | CVSS 7.2 | CWE-476 | ≥ 5.2.0, < 5.2.9.3410 build 20260214 | 2026-06-10
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214
nvd
CVE-2026-24716 | P3 | HIGH | CVSS 7.2 | CWE-476 | ≥ 5.2.0, < 5.2.9.3492 build 20260507 | 2026-06-10
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and later
nvd
CVE-2021-28798 | P3 | HIGH | CVSS 7.5 | CWE-23 | ≥ unspecified, < 4.5.2.1630 Build 20210406; ≥ unspecified, < 4.3.6.1663 Build 20210504 (+1 more) | 2021-05-21
A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later QTS 4.3.6.1663 Build 20210504 and later QTS
nvd
CVE-2025-62848 | P3 | HIGH | CVSS 7.5 | CWE-476 | ≥ 5.2.x, < 5.2.7.3297 build 20251024 | 2025-12-16
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3297 build 20251024 and later
QuTS hero h5.2.7.3297 build 20251024
nvd
CVE-2026-24717 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ 5.2.0, < 5.2.9.3492 build 20260507 | 2026-06-10
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3492 build 20260507 and l
nvd
CVE-2023-34971 | P3 | HIGH | CVSS 8.8 | CWE-326 | ≥ 5.0.*, < 5.0.1.2425 build 20230609; ≥ 5.1.*, < 5.1.0.2444 build 20230629 (+1 more) | 2023-08-24
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5
nvd
CVE-2024-13086 | P3 | HIGH | CVSS 7.5 | CWE-200 | ≥ 5.x, < QTS 5.2.0.2851 build 20240808 | 2025-03-07
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
nvd
CVE-2024-48865 | P3 | HIGH | CVSS 7.5 | CWE-295 | ≥ 5.1.x, < 5.1.9.2954 build 20241120; ≥ 5.2.x, < 5.2.2.2950 build 20241114 | 2024-12-06
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2
nvd
CVE-2018-19944 | P3 | HIGH | CVSS 7.5 | CWE-311 | ≥ unspecified, < 4.4.3.1354 | 2020-12-31
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)
nvd
CVE-2024-21901 | P3 | MEDIUM | CVSS 4.7 | CWE-89 | ≥ 4.5.x, < 4.5.4.2627 build 20231225 | 2024-03-08
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
myQNAPcloud 1.0.52 ( 2023/11/24 ) and later
QTS 4.5.4.2627 build 20231225 and later
nvd
CVE-2025-62858 | P3 | MEDIUM | CVSS 6.5 | CWE-121 | ≥ 5.2.0, < 5.2.9.3410 build 20260214 | 2026-06-09
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2
nvd
CVE-2025-30270 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ 5.2.x, < 5.2.5.3145 build 20250526 | 2025-08-29
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS
nvd
CVE-2025-30271 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ 5.2.x, < 5.2.5.3145 build 20250526 | 2025-08-29
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS
nvd
CVE-2025-48730 | P3 | MEDIUM | CVSS 6.5 | CWE-134 | ≥ 5.2.x, < 5.2.6.3195 build 20250715 | 2025-10-03
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
nvd
CVE-2025-53591 | P3 | MEDIUM | CVSS 6.5 | CWE-134 | ≥ 5.2.x, < 5.2.7.3256 build 20250913 | 2026-01-02
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.7.3256 build 202
nvd