Vulnerabilities > Qnap > Media Streaming ADD ON
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-23369 | OS Command Injection vulnerability in Qnap QTS An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 9.8 |
| 2021-10-22 | CVE-2021-34362 | Command Injection vulnerability in Qnap Media Streaming Add-On A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. | 7.2 |
| 2021-04-17 | CVE-2020-36195 | SQL Injection vulnerability in Qnap QTS An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. | 9.8 |
| 2018-03-08 | CVE-2017-7641 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Media Streaming Add-On QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. | 8.8 |
| 2018-03-08 | CVE-2017-7640 | OS Command Injection vulnerability in Qnap Media Streaming Add-On QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges. | 9.8 |
| 2018-03-08 | CVE-2017-7638 | Improper Authentication vulnerability in Qnap Media Streaming Add-On QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. | 6.5 |
| 2018-03-08 | CVE-2017-7634 | Cross-site Scripting vulnerability in Qnap Media Streaming Add-On Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. | 6.1 |