Shodan
Vulnerabilities
Vulnerable Software
Qnap:  >> Qts  >> 4.3.3.0095  Security Vulnerabilities
CVE-2020-2492
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
CVSS Score
7.2
EPSS Score
0.021
Published
2020-11-16
CVE-2020-2490
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.
CVSS Score
7.2
EPSS Score
0.018
Published
2020-11-16
CVE-2018-19943
Known exploited
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
CVSS Score
8.0
EPSS Score
0.112
Published
2020-10-28
CVE-2018-19949
Known exploited
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
CVSS Score
9.8
EPSS Score
0.692
Published
2020-10-28
CVE-2018-19953
Known exploited
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
CVSS Score
6.1
EPSS Score
0.414
Published
2020-10-28
CVE-2019-7185
This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-12-05
CVE-2018-0728
This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommend updating QTS and Helpdesk to their latest versions.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-04
CVE-2018-0712
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.
CVSS Score
9.8
EPSS Score
0.027
Published
2018-06-21
CVE-2017-17027
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
CVSS Score
9.8
EPSS Score
0.034
Published
2017-12-21
CVE-2017-17028
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
CVSS Score
9.8
EPSS Score
0.034
Published
2017-12-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved