Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

QNAP Systems Inc. — Vulnerabilities & Security Advisories 532

Browse all 532 CVE security advisories affecting QNAP Systems Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.

QNAP Systems Inc. manufactures network-attached storage devices and enterprise storage solutions, primarily serving small to medium-sized businesses and home users seeking centralized data management. Historically, the company’s firmware has exhibited a high volume of vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within the web management interface or embedded services. Notable incidents involve critical RCE vulnerabilities that allow unauthenticated attackers to gain full system control, exposing connected data to theft or ransomware encryption. The sheer number of recorded CVEs highlights persistent challenges in secure coding practices and rigorous patch management across its diverse product line. While QNAP provides security updates, the frequency of disclosed flaws necessitates strict network segmentation and proactive monitoring for administrators relying on these storage appliances for critical infrastructure.

Top products by QNAP Systems Inc.: QTS Qsync Central File Station 5 Photo Station QuRouter Video Station QuTS hero QuMagie Helpdesk Music Station QuLog Center QVR Notes Station 3 QuTScloud License Center Media Streaming add-on QVR Elite HBS 3 Hybrid Backup Sync QuNetSwitch QES Multimedia Console Download Station QuFirewall QVPN Windows Surveillance Station Proxy Server QcalAgent Malware Remover HBS 3 QmailAgent
CVE IDTitleCVSSSeverityPublished
CVE-2023-34973 QTS, QuTS hero — QTSCWE-331 3.1 Low2023-08-24
CVE-2023-34972 QTS, QuTS hero and QuTScloud — QTSCWE-319 3.5 Low2023-08-24
CVE-2023-34971 QTS, QuTS hero — QTSCWE-326 7.1 High2023-08-24
CVE-2023-23355 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR — QTSCWE-77 6.6 Medium2023-03-29
CVE-2022-27597 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) — QTSCWE-1295 2.7 Low2023-03-29
CVE-2022-27598 QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) — QTSCWE-125 2.7 Low2023-03-29
CVE-2022-27596 Vulnerability in QTS — QuTS heroCWE-89 9.8 Critical2023-01-30
CVE-2022-27593 DeadBolt Ransomware — Photo StationCWE-610 10.0 Critical2022-09-08
CVE-2021-34360 CSRF Bypass in Proxy Server — Proxy ServerCWE-352 5.3 Medium2022-05-26
CVE-2022-27588 Vulnerability in QVR — QVRCWE-77 9.8 Critical2022-05-05
CVE-2021-44057 Improper authentication in Photo Station — Photo StationCWE-287 7.1 High2022-05-05
CVE-2021-44056 Improper authentication in Video Station — Video StationCWE-287 7.1 High2022-05-05
CVE-2021-44055 Information leakage in Video Station — Video StationCWE-862 5.3 Medium2022-05-05
CVE-2021-44054 Open redirect — QuTScloudCWE-601 4.3 Medium2022-05-05
CVE-2021-44053 Reflected XSS — QTSCWE-79 5.7 Medium2022-05-05
CVE-2021-44052 Arbitrary file read — QuTScloudCWE-59 6.5 Medium2022-05-05
CVE-2021-44051 Command injection — QuTScloudCWE-77 8.8 High2022-05-05
CVE-2021-38693 Path Traversal in thttpd — QuTScloudCWE-22 5.3 Medium2022-05-05
CVE-2021-34361 Reflected XSS Vulnerability in Proxy Server — Proxy ServerCWE-79 5.3 Medium2022-02-25
CVE-2021-34359 Stored XSS Vulnerability in Proxy Server — Proxy ServerCWE-79 6.9 Medium2022-02-25
CVE-2021-38679 Improper Authentication in Kazoo Server — Kazoo ServerCWE-287 6.5 Medium2022-02-11
CVE-2021-38692 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard — QVR EliteCWE-120 8.1 High2022-01-14
CVE-2021-38691 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard — QVR EliteCWE-120 8.1 High2022-01-14
CVE-2021-38690 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard — QVR EliteCWE-120 8.1 High2022-01-14
CVE-2021-38689 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard — QVR EliteCWE-120 8.1 High2022-01-14
CVE-2021-38682 Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard — QVR EliteCWE-120 8.1 High2022-01-14
CVE-2021-38678 Open Redirect Vulnerability in QcalAgent — QcalAgentCWE-601 6.1 Medium2022-01-14
CVE-2021-38677 Reflected XSS Vulnerability in QcalAgent — QcalAgentCWE-79 5.3 Medium2022-01-14
CVE-2021-38674 Reflected XSS Vulnerability in TFTP — QuTS heroCWE-79 4.2 Medium2022-01-07
CVE-2021-38688 Improper Authentication in Qfile — QfileCWE-287 7.1 High2021-12-29

This page lists every published CVE security advisory associated with QNAP Systems Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.