VYPR

Nas

by Qnap

CVEs (8)

  • CVE-2017-10700CriSep 19, 2017
    risk 0.64cvss 9.8epss 0.02

    In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.

  • CVE-2022-24990KEVFeb 7, 2023
    risk 0.29cvss epss 0.84

    TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.

  • CVE-2013-0143Jun 7, 2013
    risk 0.04cvss epss 0.07

    cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

  • CVE-2007-1543Mar 20, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

  • CVE-2022-23771Oct 17, 2022
    risk 0.00cvss epss 0.00

    This vulnerability occurs in user accounts creation and deleteion related pages of IPTIME NAS products. The vulnerability could be exploited by a lack of validation when a POST request is made to this page. An attacker can use this vulnerability to or delete user accounts, or to…

  • CVE-2022-23765Aug 17, 2022
    risk 0.00cvss epss 0.00

    This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.

  • CVE-2020-7847Feb 23, 2021
    risk 0.00cvss epss 0.01

    The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. This issue affects: pTIME NAS 1.4.36.

  • CVE-2013-0142Jun 7, 2013
    risk 0.00cvss epss 0.01

    QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors.