CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14746
https://notcve.org/view.php?id=CVE-2018-14746
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. Vulnerabilidad de inyección de comandos en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14747
https://notcve.org/view.php?id=CVE-2018-14747
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. Vulnerabilidad de desreferencia de puntero NULL en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14748
https://notcve.org/view.php?id=CVE-2018-14748
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. Vulnerabilidad de autorización incorrecta en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos apaguen el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14749
https://notcve.org/view.php?id=CVE-2018-14749
Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS. Vulnerabilidad de desbordamiento de búfer en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría provocar un impacto no especificado en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0721 – Security Advisory for Vulnerabilities in QTS
https://notcve.org/view.php?id=CVE-2018-0721
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. Vulnerabilidad de desbordamiento de búfer en dispositivos NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201809-20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •