Le Mau Anh Phong

**Name of the Vulnerable Software and Affected Versions** QNAP versions prior to QTS 5.2.7.3297 build 20251024 QNAP versions prior to QuTS hero h5.2.7.3297 build 20251024 QNAP versions prior to QuTS hero h5.3.1.3292 build 20251024 **Description** An authentication bypass allows unauthorized access to resources. Attackers can exploit this issue to gain access to resources without proper authentication. **Recommendations** Update QTS to version 5.2.7.3297 build 20251024 or later. Update QuTS hero to version h5.2.7.3297 build 20251024 or later. Update QuTS hero to version h5.3.1.3292 build 20251024 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP versions prior to 5.2.7.3297 build 20251024 QuTS hero versions prior to h5.2.7.3297 build 20251024 QuTS hero versions prior to h5.3.1.3292 build 20251024 **Description** The software contains an improper neutralization of argument delimiters in a command, which could allow remote attackers to alter execution logic. The issue is actively exploited. **Recommendations** Update QNAP to version 5.2.7.3297 build 20251024 or later. Update QuTS hero to version h5.2.7.3297 build 20251024 or later. Update QuTS hero to version h5.3.1.3292 build 20251024 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero h5.2.7 versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero h5.3.1 versions prior to 5.3.1.3292 build 20251024 **Description** A flaw exists due to a NULL pointer dereference. This can allow a remote attacker to cause a denial-of-service (DoS) condition. **Recommendations** Update QTS to version 5.2.7.3297 build 20251024 or later. Update QuTS hero h5.2.7 to version 5.2.7.3297 build 20251024 or later. Update QuTS hero h5.3.1 to version 5.3.1.3292 build 20251024 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 5.2.7.3297 build 20251024 QNAP QuTS hero versions prior to h5.2.7.3297 build 20251024 QNAP QuTS hero versions prior to h5.3.1.3292 build 20251024 **Description** An SQL injection flaw exists in QNAP NAS devices running QTS and QuTS hero operating systems. Successful exploitation of this issue could allow a remote attacker to execute unauthorized code and potentially compromise the device. The vulnerability allows attackers to execute unauthorized code or commands. **Recommendations** Update QTS to version 5.2.7.3297 build 20251024 or later. Update QuTS hero to version h5.2.7.3297 build 20251024 or later. Update QuTS hero to version h5.3.1.3292 build 20251024 or later.