Vulnerabilities > Qnap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-05 | CVE-2017-7633 | Information Exposure vulnerability in Qnap Qfinder PRO 6.1.0.0317 QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. | 5.0 |
| 2017-10-06 | CVE-2017-13068 | SQL Injection vulnerability in Qnap QTS Helpdesk QNAP has already patched this vulnerability. | 5.0 |
| 2017-06-15 | CVE-2017-7629 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Qnap QTS QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. | 5.0 |
| 2017-03-23 | CVE-2017-5227 | Information Exposure vulnerability in Qnap QTS QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. | 5.0 |
| 2016-07-03 | CVE-2015-5664 | Cross-site Scripting vulnerability in Qnap QTS Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2016-02-27 | CVE-2015-6036 | Unspecified vulnerability in Qnap Sinage Station 2.0.0 QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | 5.0 |
| 2014-06-09 | CVE-2013-5760 | Information Exposure vulnerability in Qnap Photo Station and Photo Station Firmware QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php. | 5.0 |
| 2013-06-07 | CVE-2013-0144 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Viostor Network Video Recorder 4.0.3 Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a NEW USER action. | 6.8 |
| 2013-06-07 | CVE-2013-0143 | Code Injection vulnerability in Qnap products cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. | 6.5 |
| 2013-06-07 | CVE-2013-0142 | Credentials Management vulnerability in Qnap products QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors. | 5.0 |