Qnap Security Vulnerabilities (CVEs)

Track 242 security vulnerabilities affecting Qnap products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

40 Critical

89 High

112 Medium

1 Low

Sort by:

🔔 Get Alerts for Qnap

CVE-2023-39295 8.8

This CVE describes an OS command injection vulnerability in QuMagie that allows authenticated users to execute arbitrary commands on the system. The v...

Nov 10, 2023

CVE-2023-41285 7.4

This SQL injection vulnerability in QuMagie allows authenticated users to execute arbitrary SQL commands via network requests. It affects users runnin...

Nov 10, 2023

CVE-2023-23369 9.0

This OS command injection vulnerability in QNAP operating systems allows attackers to execute arbitrary commands on affected devices via network reque...

Nov 3, 2023

CVE-2023-23373 8.8

This OS command injection vulnerability in QUSBCam2 allows remote attackers to execute arbitrary commands on affected systems via network requests. Us...

Oct 20, 2023

CVE-2023-32974 7.5

This path traversal vulnerability in QNAP operating systems allows authenticated users to read arbitrary files outside intended directories via networ...

Oct 13, 2023

CVE-2023-34976 10.0

This SQL injection vulnerability in QNAP Video Station allows authenticated attackers to execute arbitrary SQL commands via network requests. It affec...

Oct 13, 2023

CVE-2023-23365 7.7

This path traversal vulnerability in QNAP Music Station allows authenticated users to access files outside the intended directory by manipulating file...

Oct 6, 2023

CVE-2023-23355 6.6

This CVE describes an OS command injection vulnerability in QNAP operating systems that allows remote authenticated administrators to execute arbitrar...

Mar 29, 2023

CVE-2022-27588 9.8

CVE-2022-27588 is a critical command injection vulnerability in QNAP QVR software that allows attackers to execute arbitrary commands on affected syst...

May 5, 2022

CVE-2021-44056 7.1

CVE-2021-44056 is an improper authentication vulnerability in QNAP Video Station that allows attackers to bypass authentication mechanisms. This affec...

May 5, 2022

CVE-2021-38682 8.1

A stack buffer overflow vulnerability in QNAP's QVR Elite, QVR Pro, and QVR Guard software allows attackers to execute arbitrary code on affected devi...

Jan 14, 2022

CVE-2021-38690 8.1

A stack buffer overflow vulnerability in QNAP's QVR Elite, QVR Pro, and QVR Guard software allows attackers to execute arbitrary code on affected devi...

Jan 14, 2022

CVE-2021-38692 8.1

A stack buffer overflow vulnerability in QNAP's QVR Elite, QVR Pro, and QVR Guard software allows attackers to execute arbitrary code on affected devi...

Jan 14, 2022

CVE-2021-38687 8.1

This CVE describes a stack buffer overflow vulnerability in QNAP Surveillance Station that allows attackers to execute arbitrary code on affected NAS ...

Dec 29, 2021

CVE-2021-38685 9.8

This is a critical command injection vulnerability in QNAP VioStor devices that allows remote attackers to execute arbitrary commands on affected syst...

Nov 26, 2021

CVE-2021-38684 8.1

A stack buffer overflow vulnerability in QNAP NAS Multimedia Console allows attackers to execute arbitrary code on affected systems. This affects QNAP...

Nov 13, 2021

CVE-2021-34362 8.7

This CVE-2021-34362 is a command injection vulnerability in QNAP's Media Streaming add-on that allows remote attackers to execute arbitrary commands o...

Oct 22, 2021

CVE-2021-34354 7.6

This cross-site scripting (XSS) vulnerability in QNAP Photo Station allows remote attackers to inject malicious JavaScript code into web pages viewed ...

Oct 1, 2021

CVE-2021-34356 7.6

This cross-site scripting (XSS) vulnerability in QNAP Photo Station allows remote attackers to inject malicious JavaScript code into web pages viewed ...

Oct 1, 2021

CVE-2021-34344 9.8

This CVE-2021-34344 is a critical stack buffer overflow vulnerability in QNAP's QUSBCam2 software that allows remote attackers to execute arbitrary co...

Sep 10, 2021

CVE-2021-34346 9.8

A stack buffer overflow vulnerability in QNAP NVR Storage Expansion allows attackers to execute arbitrary code on affected devices. This affects QNAP ...

Sep 10, 2021

CVE-2021-28813 9.6

This vulnerability allows remote attackers to read sensitive information stored insecurely on affected QNAP switches. Attackers can exploit this by ac...

Sep 10, 2021

CVE-2013-6276 9.8

This vulnerability involves hardcoded SSH keys in QNAP F_VioCard 2312 and F_VioGate 2308 devices, allowing unauthorized remote access. Only legacy mod...

Aug 9, 2021

CVE-2021-28809 9.8

CVE-2021-28809 is an improper access control vulnerability in legacy versions of QNAP HBS 3 backup software. If exploited, attackers can compromise th...

Jul 8, 2021

CVE-2021-28802 9.8

This CVE-2021-28802 is a critical command injection vulnerability in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitra...

Jul 1, 2021

CVE-2021-28804 9.8

This CVE-2021-28804 is a critical command injection vulnerability in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitra...

Jul 1, 2021

CVE-2021-28805 7.8

This vulnerability involves sensitive information exposure in QNAP switch firmware source code, allowing attackers to read application data. It affect...

Jun 11, 2021

CVE-2021-28810 7.5

CVE-2021-28810 is an authentication bypass vulnerability in QNAP NAS devices running Roon Server that allows attackers to access restricted resources ...

Jun 8, 2021

CVE-2021-28807 7.7

This is a post-authentication reflected cross-site scripting (XSS) vulnerability in QNAP's Q'center management software. It allows authenticated attac...

Jun 3, 2021

CVE-2021-28798 8.8

This CVE describes a relative path traversal vulnerability in QNAP NAS devices running QTS and QuTS hero operating systems. If exploited, attackers ca...

May 21, 2021

CVE-2021-28799 10.0

CVE-2021-28799 is an improper authorization vulnerability in QNAP's HBS 3 backup software that allows remote attackers to bypass authentication and lo...

May 13, 2021

CVE-2020-2509 9.8

This is a critical command injection vulnerability (CWE-77) in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitrary com...

Apr 17, 2021

CVE-2020-2501 9.8

This CVE describes a critical stack-based buffer overflow vulnerability in QNAP Surveillance Station that allows remote attackers to execute arbitrary...

Feb 17, 2021

CVE-2020-2506 7.3

CVE-2020-2506 is an improper access control vulnerability in QNAP QTS Helpdesk that allows attackers to bypass security controls. If exploited, attack...

Feb 3, 2021

CVE-2020-2507 9.8

This is a critical command injection vulnerability in QNAP Helpdesk software that allows remote attackers to execute arbitrary commands on affected sy...

Feb 3, 2021

CVE-2020-2508 7.2

This CVE-2020-2508 is a command injection vulnerability in QNAP QTS and QuTS hero operating systems that allows attackers to execute arbitrary command...

Jan 11, 2021

CVE-2018-19945 9.1

This vulnerability allows attackers to rename arbitrary files on affected QNAP devices due to improper pathname restrictions. It affects QNAP devices ...

Dec 31, 2020

CVE-2020-2503 9.0

This stored cross-site scripting (XSS) vulnerability in QNAP File Station allows remote attackers to inject malicious scripts that execute when users ...

Dec 24, 2020

CVE-2019-7198 9.8

CVE-2019-7198 is a command injection vulnerability in QNAP NAS devices that allows attackers to execute arbitrary commands on affected systems. This a...

Dec 10, 2020

CVE-2018-19950 9.8

This is a critical command injection vulnerability in QNAP Music Station that allows remote attackers to execute arbitrary commands on affected system...

Nov 2, 2020

CVE-2018-19949 9.8

CVE-2018-19949 is a critical command injection vulnerability in QNAP QTS operating system that allows remote attackers to execute arbitrary commands o...

Oct 28, 2020

CVE-2020-2500 9.8

This improper access control vulnerability in QNAP's Helpdesk software allows attackers to gain control of the Kayako service using API keys, potentia...

Jul 1, 2020

← Previous Page 5 of 5

Why Monitor Qnap Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 242+ known vulnerabilities affecting Qnap products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Qnap packages in under 60 seconds. No agents required - completely agentless scanning that works across Qnap deployments.

Free vulnerability database: Access detailed information about every Qnap CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Qnap CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Qnap CVEs Free