Shodan
Vulnerabilities
Vulnerable Software
Qnap:  Security Vulnerabilities
CVE-2017-13072
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-21
CVE-2018-0712
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.
CVSS Score
9.8
EPSS Score
0.03
Published
2018-06-21
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-06-05
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-05
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
CVSS Score
9.8
EPSS Score
0.033
Published
2018-06-05
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-05
CVE-2018-0711
Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-30
CVE-2017-13073
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-23
CVE-2017-7630
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-03-27
CVE-2017-7631
Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved