Shodan
Vulnerabilities
Vulnerable Software
Qnap:  Security Vulnerabilities
CVE-2018-0710
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.142
Published
2018-07-17
CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
CVSS Score
8.8
EPSS Score
0.487
Published
2018-07-17
CVE-2017-13072
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-06-21
CVE-2018-0712
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.
CVSS Score
9.8
EPSS Score
0.026
Published
2018-06-21
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-06-05
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-06-05
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges.
CVSS Score
9.8
EPSS Score
0.032
Published
2018-06-05
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server.
CVSS Score
5.3
EPSS Score
0.011
Published
2018-06-05
CVE-2018-0711
Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.009
Published
2018-04-30
CVE-2017-13073
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved