CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2018-0730
https://notcve.org/view.php?id=CVE-2018-0730
This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. Esta vulnerabilidad de inyección de comandos en File Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar QTS a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0729
https://notcve.org/view.php?id=CVE-2018-0729
This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. Esta vulnerabilidad de inyección de comandos en Music Station permite a atacantes ejecutar comandos sobre el dispositivo afectado. Para corregir la vulnerabilidad, QNAP recomienda actualizar Music Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-20 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0722
https://notcve.org/view.php?id=CVE-2018-0722
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device. Existe una vulnerabilidad de salto de directorio en las siguientes versiones de Photo Station que podría permitir a los atacantes remotos acceder a información sensible en el dispositivo: 5.72 y anteriores en QTS 4.3.4, 5.44 y anteriores en QTS 4.3.3 y 5.28 y anteriores en QTS 4.2.6. • https://www.qnap.com/zh-tw/security-advisory/nas-201901-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-0716
https://notcve.org/view.php?id=CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. Vulnerabilidad Cross-Site Scripting (XSS) en QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 y versiones anteriores podría permitir que atacantes remotos inyecten código JavaScript en la aplicación comprometida. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2018-14746
https://notcve.org/view.php?id=CVE-2018-14746
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. Vulnerabilidad de inyección de comandos en QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829 y QTS 4.2.6 build 20180829 y sus versiones anteriores podría permitir que los atacantes remotos ejecuten comandos arbitrarios en el NAS. • https://www.qnap.com/zh-tw/security-advisory/nas-201811-22 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •