Karzemrok

QNAP QSA-22-14 : VideoStation - Multiple Vulnerabilities

The first vulnerably allows an unauthenticated attacker to leak video filename and id. The second vulnerability allows an authenticated user without access to the VideoStation application to bypass application privileges checking

May 6, 2022

QNAP QSA-22-15 : PhotoStation - Application Privileges Checking Bypass

This vulnerability allows an authenticated user without access to the PhotoStation application to bypass application privileges checking

May 6, 2022

QNAP QSA-21-25 : Helpdesk - A simple user without privileges can gain administrative access on the NAS

This vulnerability allows a simple user to enable SSH access to the NAS and get the password of the _qnap_support account. This account is sudoers on the device.

June 11, 2021

Synology SA-20:25 : SafeAccess - Multiple Vulnerabilities

Multiple Stored XSS and SQLite Injection vulnerabilities in the Safe Access (1.2.1-0220) package.

November 24, 2020

CVE-2020-25867 : SoPlanning Sharing Key Bypass

A PHP type Juggling attack that allows an unauthenticated attacker to access the content of the calendar without knowing the sharing key

July 21, 2020

Synology SA-18-15 : Photo Station - Privilege Escalation and CRLF

Multiple vulnerabilities allow remote attackers to hijack the authentication of administrators or to conduct privilege escalation attacks via a susceptible version of Photo Station.

March 29, 2018

Synology SA-17:17 : Surveillance Station - Path Traversal

A Path Traversal vulnerability allowing an authenticated user with access to Surveillance Station service can access pictures on the whole system

December 12, 2017