Vulnerabilities > Qnap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-27 | CVE-2015-6036 | Unspecified vulnerability in Qnap Sinage Station 2.0.0 QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | 5.0 |
| 2016-02-27 | CVE-2015-6022 | Unspecified vulnerability in Qnap Signage Station 2.0 Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | 9.0 |
| 2015-10-16 | CVE-2015-6003 | Path Traversal vulnerability in Qnap QTS Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account. | 9.3 |
| 2014-08-25 | CVE-2014-5457 | Permissions, Privileges, and Access Controls vulnerability in Qnap products QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. | 2.1 |
| 2014-06-09 | CVE-2013-5760 | Information Exposure vulnerability in Qnap Photo Station and Photo Station Firmware QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. | 5.0 |
| 2014-01-09 | CVE-2013-7174 | Path Traversal vulnerability in Qnap QTS 4.0/4.0.3 Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter. | 7.8 |
| 2013-06-07 | CVE-2013-0144 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Viostor Network Video Recorder 4.0.3 Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | 6.8 |
| 2013-06-07 | CVE-2013-0143 | Code Injection vulnerability in Qnap products cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | 6.5 |
| 2013-06-07 | CVE-2013-0142 | Credentials Management vulnerability in Qnap products QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | 5.0 |
| 2009-09-21 | CVE-2009-3279 | Cryptographic Issues vulnerability in Qnap Ts-239 PRO Turbo NAS and Ts-639 PRO Turbo NAS The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 create a LUKS partition by using the AES-256 cipher in plain CBC mode, which allows local users to obtain sensitive information via a watermark attack. | 4.9 |