Vulnerabilities > Qnap > QTS

DATE CVE VULNERABILITY TITLE RISK
2017-06-15 CVE-2017-7629 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
network
low complexity
qnap CWE-640
5.0
5.0
2017-03-23 CVE-2017-6361 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
 10.0
10
2017-03-23 CVE-2017-6360 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
network
low complexity
qnap CWE-78
critical
 10.0
10
2017-03-23 CVE-2017-6359 OS Command Injection vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
network
low complexity
qnap CWE-78
critical
 10.0
10
2017-03-23 CVE-2017-5227 Information Exposure vulnerability in Qnap QTS
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
network
low complexity
qnap CWE-200
5.0
5.0
2016-07-03 CVE-2015-5664 Cross-site Scripting vulnerability in Qnap QTS
Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
qnap CWE-79
4.3
4.3
2015-10-16 CVE-2015-6003 Path Traversal vulnerability in Qnap QTS
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
network
qnap CWE-22
critical
 9.3
9.3
2014-01-09 CVE-2013-7174 Path Traversal vulnerability in Qnap QTS 4.0/4.0.3
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.
network
low complexity
qnap CWE-22
7.8
7.8