Qnap Photo_station
26 CVEs affecting Qnap Photo_station. Latest disclosed: 2025-11-11. Critical: 5, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-27593 | Critical | 10.0 | 2022-09-08 | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an at… |
CVE-2017-20210 | Critical | 9.8 | 2025-11-11 | Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research. |
CVE-2019-7195 | Critical | 9.8 | 2019-12-05 | This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend upd… |
CVE-2019-7194 | Critical | 9.8 | 2019-12-05 | This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend upd… |
CVE-2019-7192 | Critical | 9.8 | 2019-12-05 | This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend upda… |
CVE-2021-34356 | High | 7.6 | 2021-10-01 | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attack… |
CVE-2021-34355 | High | 7.6 | 2021-10-01 | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers… |
CVE-2021-34354 | High | 7.6 | 2021-10-01 | A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attack… |
CVE-2018-0722 | High | 7.5 | 2019-02-01 | Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could al… |
CVE-2023-47562 | High | 7.4 | 2024-02-02 | An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute com… |
CVE-2021-44057 | High | 7.1 | 2022-05-05 | An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to co… |
CVE-2024-32770 | Medium | 6.3 | 2024-11-22 | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gai… |
CVE-2024-32769 | Medium | 6.3 | 2024-11-22 | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gai… |
CVE-2024-32768 | Medium | 6.3 | 2024-11-22 | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gai… |
CVE-2024-32767 | Medium | 6.3 | 2024-11-22 | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gai… |
CVE-2020-2502 | Medium | 6.1 | 2021-02-17 | This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the… |
CVE-2020-2491 | Medium | 6.1 | 2020-12-10 | This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the… |
CVE-2018-19956 | Medium | 6.1 | 2020-11-02 | The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attack… |
CVE-2018-19955 | Medium | 6.1 | 2020-11-02 | The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attack… |
CVE-2018-19954 | Medium | 6.1 | 2020-11-02 | The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attack… |