Qnap: Security Vulnerabilities
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
CVSS Score
7.7
EPSS Score
0.013
Published
2018-11-27
Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-11-27
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
CVSS Score
9.8
EPSS Score
0.057
Published
2018-09-14
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
CVSS Score
6.1
EPSS Score
0.067
Published
2018-08-27
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.
CVSS Score
9.8
EPSS Score
0.057
Published
2018-08-13
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
7.2
EPSS Score
0.747
Published
2018-07-17
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.473
Published
2018-07-17
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.346
Published
2018-07-17
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.192
Published
2018-07-17
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS Score
8.8
EPSS Score
0.607
Published
2018-07-17