Qnap Systems Inc Quts Hero vulnerabilities
217 known vulnerabilities affecting qnap_systems_inc/quts_hero.
Total CVEs
217
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL11HIGH80MEDIUM90LOW36
Vulnerabilities
Page 3 of 11
CVE-2025-52432MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52432 [MEDIUM] CWE-476 CVE-2025-52432: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-47213MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-47213 [MEDIUM] CWE-476 CVE-2025-47213: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52427MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52427 [MEDIUM] CWE-476 CVE-2025-52427: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48729MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-48729 [MEDIUM] CWE-476 CVE-2025-48729: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48726MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-48726 [MEDIUM] CWE-476 CVE-2025-48726: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52854MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52854 [MEDIUM] CWE-476 CVE-2025-52854: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52866MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52866 [MEDIUM] CWE-476 CVE-2025-52866: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52855MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52855 [MEDIUM] CWE-476 CVE-2025-52855: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-48728MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-48728 [MEDIUM] CWE-476 CVE-2025-48728: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-52429MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52429 [MEDIUM] CWE-134 CVE-2025-52429: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-48730MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-48730 [MEDIUM] CWE-134 CVE-2025-48730: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-48727MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-48727 [MEDIUM] CWE-476 CVE-2025-48727: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-47211MEDIUMCVSS 6.9≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-47211 [MEDIUM] CWE-22 CVE-2025-47211: A path traversal vulnerability has been reported to affect several QNAP operating system versions. I
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and l
cvelistv5nvd
CVE-2025-52853MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52853 [MEDIUM] CWE-476 CVE-2025-52853: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-53406MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-53406 [MEDIUM] CWE-134 CVE-2025-53406: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-52859MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-52859 [MEDIUM] CWE-476 CVE-2025-52859: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and lat
cvelistv5nvd
CVE-2025-53407MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.6.3195 build 202507152025-10-03
CVE-2025-53407 [MEDIUM] CWE-134 CVE-2025-53407: A use of externally-controlled format string vulnerability has been reported to affect several QNAP
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 202
cvelistv5nvd
CVE-2025-30264HIGHCVSS 7.7≥ h5.2.x, < h5.2.5.3138 build 202505192025-08-29
CVE-2025-30264 [HIGH] CWE-77 CVE-2025-30264: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20
cvelistv5nvd
CVE-2025-30273HIGHCVSS 7.1≥ h5.2.x, < h5.2.5.3138 build 202505192025-08-29
CVE-2025-30273 [HIGH] CWE-787 CVE-2025-30273: An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versi
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build
cvelistv5nvd
CVE-2025-30274MEDIUMCVSS 5.1≥ h5.2.x, < h5.2.5.3138 build 202505192025-08-29
CVE-2025-30274 [MEDIUM] CWE-476 CVE-2025-30274: A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system v
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.5.3145 build 20250526 and later
QuTS hero h5.2.5.3138 build 20250519 and later
cvelistv5nvd