QNAP QSA-24-25 : Music Station - Unauthenticated file read and authentication bypass
This vulnerability allows an unauthenticated attacker to bypass the authentication and read arbitrary files as root
This vulnerability allows an unauthenticated attacker to bypass the authentication and read arbitrary files as root
QNAP QSA-22-14 : VideoStation - Multiple Vulnerabilities
The first vulnerably allows an unauthenticated attacker to leak video filename and id. The second vulnerability allows an authenticated user without access to the VideoStation application to bypass application privileges checking
QNAP QSA-22-15 : PhotoStation - Application Privileges Checking Bypass
This vulnerability allows an authenticated user without access to the PhotoStation application to bypass application privileges checking
QNAP QSA-21-25 : Helpdesk - A simple user without privileges can gain administrative access on the NAS
This vulnerability allows a simple user to enable SSH access to the NAS and get the password of the _qnap_support account. This account is sudoers on the device.
Synology SA-20:25 : SafeAccess - Multiple Vulnerabilities
Multiple Stored XSS and SQLite Injection vulnerabilities in the Safe Access (1.2.1-0220) package.
CVE-2020-25867 : SoPlanning Sharing Key Bypass
A PHP type Juggling attack that allows an unauthenticated attacker to access the content of the calendar without knowing the sharing key
Synology SA-18-15 : Photo Station - Privilege Escalation and CRLF
Multiple vulnerabilities allow remote attackers to hijack the authentication of administrators or to conduct privilege escalation attacks via a susceptible version of Photo Station.
Synology SA-17:17 : Surveillance Station - Path Traversal
A Path Traversal vulnerability allowing an authenticated user with access to Surveillance Station service can access pictures on the whole system