QNAP Systems Inc. — Vulnerabilities & Security Advisories (532)

Browse all 532 CVE security advisories affecting QNAP Systems Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

QNAP Systems Inc. manufactures network-attached storage devices and enterprise storage solutions, primarily serving small to medium-sized businesses and home users seeking centralized data management. Historically, the company’s firmware has exhibited a high volume of vulnerabilities, including remote code execution, cross-site scripting, and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls within the web management interface or embedded services. Notable incidents involve critical RCE vulnerabilities that allow unauthenticated attackers to gain full system control, exposing connected data to theft or ransomware encryption. The sheer number of recorded CVEs highlights persistent challenges in secure coding practices and rigorous patch management across its diverse product line. While QNAP provides security updates, the frequency of disclosed flaws necessitates strict network segmentation and proactive monitoring for administrators relying on these storage appliances for critical infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-38687 | Stack Overflow Vulnerability in Surveillance Station | Surveillance Station | CWE-120 | 8.1 | High | 2021-12-29 |
| CVE-2021-38686 | Improper Authentication Vulnerability in VioStor | QVR | CWE-287 | 8.8 | High | 2021-11-26 |
| CVE-2021-38685 | Command Injection Vulnerability in VioStor | QVR | CWE-78 | 9.8 | Critical | 2021-11-26 |
| CVE-2021-34358 | CSRF Vulnerability in QmailAgent | QmailAgent | CWE-352 | 6.8 | Medium | 2021-11-20 |
| CVE-2021-38684 | Buffer Overflow Vulnerability in Multimedia Console | Multimedia Console | CWE-787 | 8.1 | High | 2021-11-13 |
| CVE-2021-34357 | Reflected XSS Vulnerability in QmailAgent | QmailAgent | CWE-79 | 6.9 | Medium | 2021-11-13 |
| CVE-2021-34362 | Command Injection Vulnerability in Media Streaming Add-on | Media Streaming add-on | CWE-78 | 8.7 | High | 2021-10-22 |
| CVE-2021-38675 | Stored XSS Vulnerability in Image2PDF | Image2PDF | CWE-79 | 5.4 | Medium | 2021-10-01 |
| CVE-2021-34356 | Stored XSS Vulnerability in Photo Station | Photo Station | CWE-79 | 7.6 | High | 2021-10-01 |
| CVE-2021-34355 | Stored XSS Vulnerability in Photo Station | Photo Station | CWE-79 | 7.6 | High | 2021-10-01 |
| CVE-2021-34354 | Stored Cross-site Scripting Vulnerability in Photo Station | Photo Station | CWE-79 | 7.6 | High | 2021-10-01 |
| CVE-2021-34352 | Command Injection Vulnerability in QVR | QVR | CWE-78 | 7.2 | High | 2021-10-01 |
| CVE-2021-34351 | Command Injection Vulnerability in QVR | QVR | CWE-78 | 9.8 | Critical | 2021-09-27 |
| CVE-2021-34349 | Command Injection Vulnerability in QVR | QVR | CWE-78 | 7.2 | High | 2021-09-27 |
| CVE-2021-34348 | Command Injection Vulnerability in QVR | QVR | CWE-78 | 9.8 | Critical | 2021-09-27 |
| CVE-2021-34346 | Stack Based Overflow Vulnerability in NVR Storage Expansion | NVR Storage Expansion | CWE-787 | 9.8 | Critical | 2021-09-10 |
| CVE-2021-34345 | Stack Based Overflow Vulnerability in NVR Storage Expansion | NVR Storage Expansion | CWE-787 | 9.8 | Critical | 2021-09-10 |
| CVE-2021-34344 | Stack Buffer Overflow Vulnerability in QUSBCam2 | QUSBCam2 | CWE-787 | 9.8 | Critical | 2021-09-10 |
| CVE-2021-34343 | Buffer Overflow Vulnerability in QTS, QuTS hero, and QuTScloud | QTS | CWE-787 | 6.0 | Medium | 2021-09-10 |
| CVE-2021-28816 | Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud | QTS | CWE-787 | 7.6 | High | 2021-09-10 |
| CVE-2021-28813 | Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch | QSW-M2116P-2T2S | CWE-259 | 9.6 | Critical | 2021-09-10 |
| CVE-2018-19957 | Insufficient HTTP Security Headers in QTS, QuTS hero, and QuTScloud | QTS | CWE-1021 | 6.1 | - | 2021-09-10 |
| CVE-2021-28809 | Missing Authentication for Critical Function in RTRR Server in HBS3 | HBS 3 | CWE-284 | 9.8 | Critical | 2021-07-08 |
| CVE-2021-28804 | Command Injection Vulnerabilities in QTS and QuTS hero | QTS | CWE-78 | 9.8 | - | 2021-07-01 |
| CVE-2021-28803 | Stored XSS Vulnerability in Q'center | Q'center | CWE-80 | 8.5 | - | 2021-07-01 |
| CVE-2021-28802 | Command Injection Vulnerabilities in QTS and QuTS hero | QTS | CWE-78 | 9.8 | - | 2021-07-01 |
| CVE-2020-36196 | Stored XSS Vulnerability in QuLog Center | QuLog Center | CWE-80 | 5.4 | - | 2021-07-01 |
| CVE-2020-36194 | XSS Vulnerability in QTS and QuTS hero / Command Injection Vulnerabilities in QTS and QuTS hero | QTS | CWE-79 | 6.1 | Medium | 2021-07-01 |
| CVE-2021-28800 | Command Injection Vulnerability in QTS | QTS | CWE-78 | 8.1 | High | 2021-06-24 |
| CVE-2021-28815 | Insecure Storage of Sensitive Information in myQNAPcloud Link | myQNAPcloud Link | CWE-922 | 6.0 | Medium | 2021-06-16 |

This page lists every published CVE security advisory associated with QNAP Systems Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.