Security Vulnerabilities
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-11
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
CVSS Score
4.4
EPSS Score
0.0
Published
2026-02-11
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QuTS hero h5.3.2.3354 build 20251225 and later
CVSS Score
4.9
EPSS Score
0.001
Published
2026-02-11
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QuTS hero h5.3.2.3354 build 20251225 and later
CVSS Score
4.9
EPSS Score
0.001
Published
2026-02-11
A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.2.8.3350 build 20251216 and later
QuTS hero h5.3.2.3354 build 20251225 and later
QuTS hero h5.2.8.3350 build 20251216 and later
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-11
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-11
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-11
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
File Station 5 5.5.6.5190 and later
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-11
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
Qsync Central 5.0.0.4 ( 2026/01/20 ) and later
CVSS Score
4.9
EPSS Score
0.0
Published
2026-02-11
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version:
QuTS hero h5.3.2.3354 build 20251225 and later
CVSS Score
4.9
EPSS Score
0.001
Published
2026-02-11