Browse all 532 CVE security advisories affecting QNAP Systems Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.
QNAP Systems Inc. manufactures network-attached storage devices and enterprise storage solutions, primarily serving small to medium-sized businesses and home users seeking centralized data management. Historically, the company’s firmware has exhibited a high volume of vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within the web management interface or embedded services. Notable incidents involve critical RCE vulnerabilities that allow unauthenticated attackers to gain full system control, exposing connected data to theft or ransomware encryption. The sheer number of recorded CVEs highlights persistent challenges in secure coding practices and rigorous patch management across its diverse product line. While QNAP provides security updates, the frequency of disclosed flaws necessitates strict network segmentation and proactive monitoring for administrators relying on these storage appliances for critical infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59383 | Media Streaming Add-on — Media Streaming Add-onCWE-121 | 9.1 | - | 2026-03-20 |
| CVE-2025-62843 | QuRouter — QuRouterCWE-923 | 6.8 | - | 2026-03-20 |
| CVE-2025-62844 | QuRouter — QuRouterCWE-1390 | 5.5 | - | 2026-03-20 |
| CVE-2025-62845 | QuRouter — QuRouterCWE-150 | 7.8 | - | 2026-03-20 |
| CVE-2025-62846 | QuRouter — QuRouterCWE-89 | 7.8 | - | 2026-03-20 |
| CVE-2026-22895 | QuFTP Service — QuFTP ServiceCWE-79 | 4.8 | - | 2026-03-20 |
| CVE-2026-22897 | QuNetSwitch — QuNetSwitchCWE-78 | 9.8 | - | 2026-03-20 |
| CVE-2026-22898 | QVR Pro — QVR ProCWE-306 | 9.8 | - | 2026-03-20 |
| CVE-2026-22900 | QuNetSwitch — QuNetSwitchCWE-798 | 9.8 | - | 2026-03-20 |
| CVE-2026-22901 | QuNetSwitch — QuNetSwitchCWE-78 | 9.8 | - | 2026-03-20 |
| CVE-2026-22902 | QuNetSwitch — QuNetSwitchCWE-78 | 7.8 | - | 2026-03-20 |
| CVE-2025-59388 | Hyper Data Protector — Hyper Data ProtectorCWE-259 | 9.8AI | CriticalAI | 2026-03-12 |
| CVE-2024-14026 | QTS, QuTS hero — QTSCWE-78 | 8.8AI | HighAI | 2026-03-11 |
| CVE-2024-14025 | Video Station — Video StationCWE-89 | 7.2AI | HighAI | 2026-03-11 |
| CVE-2024-14024 | Video Station — Video StationCWE-295 | 8.0AI | HighAI | 2026-03-11 |
| CVE-2024-56807 | Media Streaming add-on — Media Streaming add-onCWE-125 | 5.5AI | MediumAI | 2026-02-11 |
| CVE-2024-56808 | Media Streaming add-on — Media Streaming add-onCWE-78 | 8.0AI | HighAI | 2026-02-11 |
| CVE-2025-30266 | Qsync Central — Qsync CentralCWE-476 | 7.5 | - | 2026-02-11 |
| CVE-2025-30269 | Qsync Central — Qsync CentralCWE-134 | 8.2 | - | 2026-02-11 |
| CVE-2025-30276 | Qsync Central — Qsync CentralCWE-787 | 9.1 | - | 2026-02-11 |
| CVE-2025-47205 | QTS, QuTS hero — QTSCWE-476 | 7.5AI | HighAI | 2026-02-11 |
| CVE-2025-47209 | Qsync Central — Qsync CentralCWE-476 | 7.5 | - | 2026-02-11 |
| CVE-2025-48722 | Qsync Central — Qsync CentralCWE-476 | 7.5 | - | 2026-02-11 |
| CVE-2025-48723 | Qsync Central — Qsync CentralCWE-120 | 9.1 | - | 2026-02-11 |
| CVE-2025-48724 | Qsync Central — Qsync CentralCWE-120 | 9.1 | - | 2026-02-11 |
| CVE-2025-48725 | QuTS hero — QuTS heroCWE-120 | 8.1 | - | 2026-02-11 |
| CVE-2025-52868 | Qsync Central — Qsync CentralCWE-120 | 9.1 | - | 2026-02-11 |
| CVE-2025-52869 | Qsync Central — Qsync CentralCWE-120 | 9.1AI | CriticalAI | 2026-02-11 |
| CVE-2025-52870 | Qsync Central — Qsync CentralCWE-120 | 9.1AI | CriticalAI | 2026-02-11 |
| CVE-2025-53598 | Qsync Central — Qsync CentralCWE-476 | 7.5AI | HighAI | 2026-02-11 |
This page lists every published CVE security advisory associated with QNAP Systems Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.