QNAP NAS Multiple Vulnerabilities
Release Date: 12 Feb 2026
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in QNAP NAS. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, remote code execution, denial of service condition, sensitive information disclosure and data manipulation on the targeted system.
Impact
- Denial of Service
- Information Disclosure
- Data Manipulation
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- QTS 5.2.x
- QuTS hero h5.2.x
- QuTS hero h5.3.x
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.qnap.com/en/security-advisory/qsa-26-04
- https://www.qnap.com/en/security-advisory/qsa-26-05
- https://www.qnap.com/en/security-advisory/qsa-26-06
- https://www.qnap.com/en/security-advisory/qsa-26-08
Vulnerability Identifier
- CVE-2024-42516
- CVE-2024-43204
- CVE-2024-43394
- CVE-2024-47252
- CVE-2025-9640
- CVE-2025-10230
- CVE-2025-23048
- CVE-2025-47205
- CVE-2025-48725
- CVE-2025-49630
- CVE-2025-49812
- CVE-2025-53020
- CVE-2025-54090
- CVE-2025-58466
- CVE-2025-59386
- CVE-2025-66274
- CVE-2025-66277
沒有留言:
發佈留言