Browse all 36 CVE security advisories affecting QNAP. AI-powered Chinese analysis, POCs, and references for each vulnerability.
QNAP Systems specializes in network-attached storage (NAS) solutions, providing data storage and management infrastructure for both consumer and enterprise environments. Historically, its firmware has been a frequent target for security researchers, resulting in numerous recorded vulnerabilities. Common flaw classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from insufficient input validation in web management interfaces or exposed APIs. These weaknesses have allowed attackers to gain unauthorized administrative access, potentially leading to complete system compromise or data exfiltration. While the company issues regular security updates, the high volume of past issues highlights challenges in secure development practices. Recent incidents have underscored the critical importance of timely patching and network segmentation for devices running QNAP operating systems to mitigate the risk of exploitation by automated threat actors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-14746 | QNAP QTS 命令注入漏洞 — QNAP QTS | 9.8 | - | 2018-11-28 |
| CVE-2018-14747 | QNAP QTS 安全漏洞 — QNAP QTS | 7.5 | - | 2018-11-28 |
| CVE-2018-14748 | QNAP QTS 安全漏洞 — QNAP QTS | 7.5 | - | 2018-11-28 |
| CVE-2018-14749 | QNAP QTS 缓冲区错误漏洞 — QNAP QTS | 9.8 | - | 2018-11-28 |
This page lists every published CVE security advisory associated with QNAP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.