Shodan
Vulnerabilities
Vulnerable Software
Qnap:  Security Vulnerabilities
CVE-2017-12582
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-08-18
CVE-2017-7629
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-06-15
CVE-2017-7876
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.
CVSS Score
10.0
EPSS Score
0.067
Published
2017-06-15
CVE-2017-5227
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
CVSS Score
7.5
EPSS Score
0.214
Published
2017-03-23
CVE-2017-6359
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.781
Published
2017-03-23
CVE-2017-6360
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.8
Published
2017-03-23
CVE-2017-6361
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.905
Published
2017-03-23
CVE-2015-5664
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-07-03
CVE-2015-7261
The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.
CVSS Score
9.8
EPSS Score
0.003
Published
2016-02-27
CVE-2015-7262
QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.
CVSS Score
7.5
EPSS Score
0.002
Published
2016-02-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved