Vulnerabilities > Qnap > QTS > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-17 CVE-2020-2509 Command Injection vulnerability in Qnap QTS
A command injection vulnerability has been reported to affect QTS and QuTS hero.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2021-04-17 CVE-2020-36195 SQL Injection vulnerability in Qnap QTS
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on.
network
low complexity
qnap CWE-89
critical
 9.8
9.8
2020-12-31 CVE-2018-19945 Path Traversal vulnerability in Qnap QTS
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6.
network
low complexity
qnap CWE-22
critical
 9.1
9.1
2020-12-10 CVE-2019-7198 Command Injection vulnerability in Qnap QTS and Quts Hero
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2020-10-28 CVE-2018-19949 Command Injection vulnerability in Qnap QTS
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2019-12-05 CVE-2019-7183 Link Following vulnerability in Qnap QTS
This improper link resolution vulnerability allows remote attackers to access system files.
network
low complexity
qnap CWE-59
critical
 9.8
9.8
2019-12-05 CVE-2019-7193 Improper Input Validation vulnerability in Qnap QTS
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system.
network
low complexity
qnap CWE-20
critical
 9.8
9.8
2019-12-04 CVE-2018-0730 Command Injection vulnerability in Qnap QTS
This command injection vulnerability in File Station allows attackers to execute commands on the affected device.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2018-11-28 CVE-2018-14746 Command Injection vulnerability in Qnap QTS
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
network
low complexity
qnap CWE-77
critical
 9.8
9.8
2018-11-28 CVE-2018-14749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS.
network
low complexity
qnap CWE-119
critical
 9.8
9.8