Vulnerabilities > Qnap > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-09 | CVE-2013-6276 | Use of Hard-coded Credentials vulnerability in Qnap products QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. | 9.8 |
| 2021-07-08 | CVE-2021-28809 | Missing Authentication for Critical Function vulnerability in Qnap Hybrid Backup Sync 3.0.210411/3.0.210412 An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. | 10.0 |
| 2021-05-13 | CVE-2021-28799 | Unspecified vulnerability in Qnap Hybrid Backup Sync An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync. | 9.8 |
| 2021-04-17 | CVE-2020-2509 | Command Injection vulnerability in Qnap QTS A command injection vulnerability has been reported to affect QTS and QuTS hero. | 9.8 |
| 2021-02-03 | CVE-2020-2506 | Unspecified vulnerability in Qnap Helpdesk The vulnerability have been reported to affect earlier versions of QTS. | 9.8 |
| 2020-11-02 | CVE-2018-19950 | Command Injection vulnerability in Qnap Music Station If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. | 9.8 |
| 2019-12-05 | CVE-2019-7193 | Improper Input Validation vulnerability in Qnap QTS This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. | 9.8 |
| 2018-11-28 | CVE-2018-14746 | Command Injection vulnerability in Qnap QTS Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | 10.0 |
| 2018-11-27 | CVE-2018-0721 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4 Buffer Overflow vulnerability in NAS devices. | 10.0 |
| 2018-07-17 | CVE-2018-0710 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 9.0 |