QNAP QTS 漏洞列表
共找到 9 个与 QNAP QTS 相关的漏洞
📅 加载漏洞趋势中...
-
QNAP QTS 多款设备 /cgi-bin/priv/privWizard.cgi 权限绕过漏洞(CVE-2024-21899) 无POC
QNAP Systems 是一家提供网络存储解决方案的公司,其产品包括 QTS、QuTS hero 和 QuTScloud 等操作系统。这些系统中 /cgi-bin/priv/privWizard.cgi 接口存在权限绕过漏洞。攻击者可以利用该漏洞绕过身份验证,获取未授权的访问权限,可能导致敏感信息泄露或系统被进一步攻击。 -
CVE-2019-7192: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution POC
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. -
CVE-2022-27593: QNAP QTS Photo Station External Reference - Local File Inclusion POC
QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later. -
CVE-2023-47218: QNAP QTS and QuTS Hero - OS Command Injection POC
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later. -
CVE-2019-7192: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution POC
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. -
CVE-2022-27593: QNAP QTS Photo Station External Reference - Local File Inclusion POC
QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later. -
CVE-2023-47218: QNAP QTS and QuTS Hero - OS Command Injection POC
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later. -
QNAP QTS 未授权 命令注入漏洞 无POC
-
QNAP QTS CVE-2023-47218 命令注入漏洞 无POC
QNAP QTS存在命令注入漏洞,此漏洞是由于quick.cgi接口对用户的请求验证不当导致的。