A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later
A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
License Center 1.9.56 and later
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3459 build 20260409 and later
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges.
We have already fixed the vulnerability in the following version:
QuMagie 2.9.1 and later
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following versions:
QTS 5.2.9.3410 build 20260214 and later
QuTS hero h5.2.9.3410 build 20260214 and later
QuTS hero h5.3.4.3500 build 20260520 and later
QuTS hero h6.0.0.3397 build 20260206 and later