Qnap Media Streaming Add-on — known CVE vulnerabilities
Every CVE whose affected-product data names Qnap Media Streaming Add-on, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2020-36195 — CVSS 9.8 (critical): An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited…
CVE-2017-7640 — CVSS 9.8 (critical): QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands…
CVE-2023-47222 — CVSS 9.6 (critical): An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability…
CVE-2025-59383 — CVSS 9.1 (critical): A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability…
CVE-2023-23369 — CVSS 9.0 (critical): An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
CVE-2017-7641 — CVSS 8.8 (high): QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections.
CVE-2024-50395 — CVSS 8.8 (high): An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the…
CVE-2021-34362 — CVSS 8.7 (high): A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability…
CVE-2024-56808 — CVSS 7.8 (high): A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have…
CVE-2023-47220 — CVSS 6.6 (medium): An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow…
CVE-2017-7638 — CVSS 6.5 (medium): QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful…
CVE-2017-7634 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows…
CVE-2024-56807 — CVSS 5.5 (medium): An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can…