CVE-2021-34360 – CSRF Bypass in Proxy Server
https://notcve.org/view.php?id=CVE-2021-34360
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later; QuTS hero h5.0.0: Proxy Server 1.4.3 (2022/01/18) and later; QuTScloud c4.5.6: Proxy Server 1.4.2 (2021/12/30) and later.
• https://www.qnap.com/en/security-advisory/qsa-22-18 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-27588 – Vulnerability in QVR
https://notcve.org/view.php?id=CVE-2022-27588
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later.
• https://www.qnap.com/en/security-advisory/qsa-22-07 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-44057 – Improper authentication in Photo Station
https://notcve.org/view.php?id=CVE-2021-44057
An improper authentication vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 (2022/02/15) and later; Photo Station 5.7.16 (2022/02/11) and later; Photo Station 5.4.13 (2022/02/11) and later.
• https://www.qnap.com/en/security-advisory/qsa-22-15 • CWE-287: Improper Authentication
CVE-2021-44056 – Improper authentication in Video Station
https://notcve.org/view.php?id=CVE-2021-44056
An improper authentication vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later; Video Station 5.3.13 and later; Video Station 5.1.8 and later.
• https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-287: Improper Authentication
CVE-2021-44055 – Information leakage in Video Station
https://notcve.org/view.php?id=CVE-2021-44055
A missing authorization vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 (2022/02/16) and later.
• https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-862: Missing Authorization