QNAP NAS Multiple Vulnerabilities

Release Date: 10 Mar 2025

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, security restriction bypass, denial of service condition, remote code execution, sensitive information disclosure and data manipulation on the targeted system.

---

Impact

• Remote Code Execution
• Denial of Service
• Information Disclosure
• Data Manipulation
• Security Restriction Bypass
• Spoofing

---

System / Technologies affected

• File Station 5 version 5.5.x
• HBS 3 Hybrid Backup Sync 25.1.x
• Helpdesk 3.3.x
• Qfinder Pro for Mac 7.11.x
• Qsync Client for Mac 5.1.x
• QTS 4.5.x
• QTS 5.1.x
• QTS 5.2.x
• QuLog Center 1.7.x
• QuLog Center 1.8.x
• QuRouter 2.4.x
• QuTS hero h4.5.x
• QuTS hero h5.1.x
• QuTS hero h5.2.x
• QuTS hero h5.x
• QVPN Device Client for Mac 2.2.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.qnap.com/en/security-advisory/qsa-24-51
• https://www.qnap.com/en/security-advisory/qsa-24-53
• https://www.qnap.com/en/security-advisory/qsa-24-52
• https://www.qnap.com/en/security-advisory/qsa-24-54
• https://www.qnap.com/en/security-advisory/qsa-24-55
• https://www.qnap.com/en/security-advisory/qsa-25-01
• https://www.qnap.com/en/security-advisory/qsa-25-03
• https://www.qnap.com/en/security-advisory/qsa-25-05
• https://www.qnap.com/en/security-advisory/qsa-25-06
• https://www.qnap.com/en/security-advisory/qsa-25-07

---

Vulnerability Identifier

• CVE-2024-13086
• CVE-2024-38638
• CVE-2024-48864
• CVE-2024-50390
• CVE-2024-50394
• CVE-2024-50405
• CVE-2024-53692
• CVE-2024-53693
• CVE-2024-53694
• CVE-2024-53695
• CVE-2024-53696
• CVE-2024-53697
• CVE-2024-53698
• CVE-2024-53699
• CVE-2024-53700

---

Source

• QNAP

---

Related Link

• https://www.qnap.com/en/security-advisory/qsa-24-51
• https://www.qnap.com/en/security-advisory/qsa-24-53
• https://www.qnap.com/en/security-advisory/qsa-24-52
• https://www.qnap.com/en/security-advisory/qsa-24-54
• https://www.qnap.com/en/security-advisory/qsa-24-55
• https://www.qnap.com/en/security-advisory/qsa-25-01
• https://www.qnap.com/en/security-advisory/qsa-25-03
• https://www.qnap.com/en/security-advisory/qsa-25-05
• https://www.qnap.com/en/security-advisory/qsa-25-06
• https://www.qnap.com/en/security-advisory/qsa-25-07