cbcvebase.

Qnap Systems Inc Qts vulnerabilities

249 known vulnerabilities affecting qnap_systems_inc/qts.

Total CVEs
249
CISA KEV
4
actively exploited
Public exploits
3
Exploited in wild
10
Severity breakdown
CRITICAL22HIGH111MEDIUM113LOW3

Vulnerabilities

Page 9 of 13
CVE-2024-53692P3MEDIUMCVSS 4.7≥ 5.2.x, < 5.2.3.3006 build 202501082025-03-07
CVE-2024-53692 [MEDIUM] CWE-77 CVE-2024-53692: A command injection vulnerability has been reported to affect several QNAP operating system versions A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.
nvd
CVE-2025-29882P3MEDIUMCVSS 6.5≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-29882 [MEDIUM] CWE-476 CVE-2025-29882: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS he
nvd
CVE-2025-30267P3MEDIUMCVSS 6.5≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30267 [MEDIUM] CWE-476 CVE-2025-30267: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS he
nvd
CVE-2025-30268P3MEDIUMCVSS 6.5≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30268 [MEDIUM] CWE-476 CVE-2025-30268: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS he
nvd
CVE-2025-30274P4MEDIUMCVSS 6.5≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30274 [MEDIUM] CWE-476 CVE-2025-30274: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
nvd
CVE-2025-30272P4MEDIUMCVSS 6.5≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-30272 [MEDIUM] CWE-476 CVE-2025-30272: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
nvd
CVE-2023-51368P4MEDIUMCVSS 6.5≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2023-51368 [MEDIUM] CWE-476 CVE-2023-51368: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 buil
nvd
CVE-2025-59380P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.8.3332 build 202511282026-01-02
CVE-2025-59380 [MEDIUM] CWE-22 CVE-2025-59380: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and l
nvd
CVE-2025-47211P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.6.3195 build 202507152025-10-03
CVE-2025-47211 [MEDIUM] CWE-22 CVE-2025-47211: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.6.3195 build 20250715 and l
nvd
CVE-2024-56805P4MEDIUMCVSS 5.4≥ 5.2.x, < 5.2.4.3079 build 202503212025-06-06
CVE-2024-56805 [MEDIUM] CWE-120 CVE-2024-56805: A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3
nvd
CVE-2025-59381P4MEDIUMCVSS 4.9≥ 5.2.0, < 5.2.8.3332 build 202511282026-01-02
CVE-2025-59381 [MEDIUM] CWE-22 CVE-2025-59381: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and l
nvd
CVE-2024-21906P4MEDIUMCVSS 4.7≥ 5.1.x, < 5.1.8.2823 build 202407122024-09-06
CVE-2024-21906 [MEDIUM] CWE-78 CVE-2024-21906: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20
nvd
CVE-2024-21903P4MEDIUMCVSS 4.7≥ 5.1.x, < 5.1.6.2722 build 202404022024-09-06
CVE-2024-21903 [MEDIUM] CWE-77 CVE-2024-21903: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20
nvd
CVE-2025-33032P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.5.3145 build 202505262025-08-29
CVE-2025-33032 [MEDIUM] CWE-22 CVE-2025-33032: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QTS 5.2.5.3145 build 20250526 and la
nvd
CVE-2021-38693P4MEDIUMCVSS 5.3≥ unspecified, < 5.0.0.1986 build 20220324≥ unspecified, < 4.5.4.1991 build 202203292022-05-05
CVE-2021-38693 [MEDIUM] CWE-22 CVE-2021-38693: A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appl
nvd
CVE-2024-48866P4MEDIUMCVSS 5.3≥ 5.1.x, < 5.1.9.2954 build 20241120≥ 5.2.x, < 5.2.2.2950 build 202411142024-12-06
CVE-2024-48866 [MEDIUM] CWE-177 CVE-2024-48866: An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect severa An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2
nvd
CVE-2025-54165P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.7.3256 build 202509132026-01-02
CVE-2025-54165 [MEDIUM] CWE-125 CVE-2025-54165: An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versio An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 b
nvd
CVE-2025-54164P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.7.3256 build 202509132026-01-02
CVE-2025-54164 [MEDIUM] CWE-125 CVE-2025-54164: An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versio An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 b
nvd
CVE-2025-54166P4MEDIUMCVSS 4.9≥ 5.2.x, < 5.2.7.3256 build 202509132026-01-02
CVE-2025-54166 [MEDIUM] CWE-125 CVE-2025-54166: An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versio An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 b
nvd
CVE-2023-50359P4MEDIUMCVSS 6.7≥ 5.1.x, < 5.1.5.2645 build 202401162024-02-02
CVE-2023-50359 [MEDIUM] CWE-252 CVE-2023-50359: An unchecked return value vulnerability has been reported to affect several QNAP operating system ve An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the fol
nvd
Qnap Systems Inc Qts vulnerabilities | cvebase