QNAP TS-453E NAS Authentication Bypass (CVE-2025-62847) Disclosed After Pwn2Own Exploit
QNAP has patched an authentication bypass vulnerability in its TS-453E NAS devices, discovered and exploited during Pwn2Own Berlin 2026 by the DEVCORE team.
QNAP has released a security advisory (QSA-25-45) addressing an authentication bypass vulnerability in its TS-453E NAS devices. The flaw, tracked as CVE-2025-62847, was discovered and demonstrated during the Pwn2Own Berlin 2026 competition by researchers from the DEVCORE Internship Program.
The vulnerability resides in the smbd component's handling of the `domain_name` parameter. According to the advisory published by the Zero Day Initiative (ZDI, the issue stems from improper validation of user-supplied input before it is used to construct an argument for a system call. This argument injection allows a network-adjacent attacker to bypass authentication without any credentials.
The flaw carries a CVSS score of 6.3, reflecting its medium severity due to the requirement of network adjacency and the limited impact on confidentiality, integrity, and availability. However, the fact that it requires no authentication is not required makes it particularly dangerous for devices exposed on internal networks.
QNAP has issued a fix for the vulnerability, and users of the TS-453E are urged to apply the update immediately. The advisory does not specify whether the flaw has been exploited in the wild beyond the Pwn2Own demonstration, but the public disclosure of technical details increases the risk of active attacks.
This disclosure is part of a broader trend of critical vulnerabilities being uncovered in network-attached storage devices, which often serve as central repositories for sensitive data. The DEVCORE team, which also won the Pwn2Own Berlin 2026 contest with a total of $1.3 million in prizes, has a track record of discovering high-impact flaws in enterprise and consumer hardware.
Organizations using QNAP TS-453E devices should prioritize patching and consider segmenting NAS devices from the rest of the network to limit exposure. The vulnerability underscores the importance of rigorous input validation in system-level components, especially those exposed to network traffic.