Vulnerabilities > Qnap > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-13 | CVE-2013-6277 | Use of Hard-coded Credentials vulnerability in Qnap Viocard 300 Firmware Rsb3722/Rsb4631 QNAP VioCard 300 has hardcoded RSA private keys. | 7.5 |
| 2019-12-04 | CVE-2019-7201 | Unquoted Search Path or Element vulnerability in Qnap Netbak Replicator 4.5.11.816 An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. | 7.8 |
| 2019-12-04 | CVE-2018-0728 | Improper Privilege Management vulnerability in Qnap Helpdesk This improper access control vulnerability in Helpdesk allows attackers to access the system logs. | 7.5 |
| 2019-05-09 | CVE-2019-7181 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qnap Myqnapcloud 1.0.52/1.3.3.0925 Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. | 7.5 |
| 2019-02-01 | CVE-2018-0722 | Path Traversal vulnerability in Qnap Photo Station Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. | 7.5 |
| 2018-11-28 | CVE-2018-14748 | Incorrect Authorization vulnerability in Qnap QTS Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. | 7.5 |
| 2018-11-28 | CVE-2018-14747 | NULL Pointer Dereference vulnerability in Qnap QTS NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. | 7.5 |
| 2018-07-17 | CVE-2018-0710 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 8.8 |
| 2018-07-17 | CVE-2018-0709 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 8.8 |
| 2018-07-17 | CVE-2018-0708 | OS Command Injection vulnerability in Qnap Q'Center Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. | 8.8 |