COOEY // HUBcompliance · community · intelligence

FAIL › dossier

QNAP vendor

12
failure events
0
zero-days
3
RCEs
12
on KEV
9
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 12 events

DateEventSevFlagsShameSummary
2022-05-24 CVE-2018-19949 critical ⚡RCE ⌖KEV 95 A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.
2022-09-08 CVE-2022-27593 critical ⌖KEV 80 Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.
2022-06-08 CVE-2019-7194 critical ⌖KEV 80 QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
2022-06-08 CVE-2019-7195 critical ⌖KEV 80 QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.
2022-06-08 CVE-2019-7193 critical ⌖KEV 80 QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.
2022-06-08 CVE-2019-7192 critical ⌖KEV 80 QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.
2022-05-24 CVE-2018-19953 critical ⌖KEV 80 A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
2022-05-24 CVE-2018-19943 critical ⌖KEV 80 A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.
2022-03-31 CVE-2021-28799 critical ⌖KEV 80 QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
2023-12-21 CVE-2023-47565 high ⚡RCE ⌖KEV 65 QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.
2022-04-11 CVE-2020-2509 high ⚡RCE ⌖KEV 65 QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
2022-03-25 CVE-2020-2506 high ⌖KEV 50 QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.