- How many CVEs does QNAP have?
- QNAP has 643 published CVE records since 2009, including 268 in the last two years.
- How many QNAP CVEs are in CISA KEV?
- Yes — 14 of QNAP's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which QNAP products have the most CVEs?
- The QNAP products with the most published CVEs are QTS, QuTS hero, QuTScloud, Qsync Central, File Station 5.
- What are the most common weakness types in QNAP CVEs?
- QNAP's CVEs most often map to these CWE weakness types: CWE-476 (NULL Pointer Dereference), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
- Are there public exploits for QNAP vulnerabilities?
- Yes — 35 of QNAP's CVEs have a known public exploit.
- How many critical QNAP vulnerabilities are there?
- QNAP has 96 critical and 215 high-severity CVEs.
- What is the average severity of QNAP CVEs?
- The average CVSS base score across QNAP's scored CVEs is 6.3.