Home/Product/qnap file station
Product

qnap file station

51 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-22894
>= 5.5.6.4691 and < 5.5.6.5190
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can the
6.5MEDIUM
 CVE-2025-66278
>= 5.5.6.4691 and < 5.5.6.5190
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can the
6.5MEDIUM
 CVE-2025-62856
>= 5.5.6.4691 and < 5.5.6.5190
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, the
4.4MEDIUM
 CVE-2025-62855
>= 5.5.6.4691 and < 5.5.6.5190
A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, the
4.4MEDIUM
 CVE-2025-62854
>= 5.5.6.4691 and < 5.5.6.5190
An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user a
6.5MEDIUM
 CVE-2025-62853
>= 5.5.6.4691 and < 5.5.6.5190
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can the
6.5MEDIUM
 CVE-2025-57713
>= 5.5.6.4691 and < 5.5.6.5190
A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerab
7.5HIGH
 CVE-2025-57707
>= 5.5.6.4691 and < 5.5.6.5190
An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to aff
8.8HIGH
 CVE-2025-54169
>= 5.5.6.4691 and < 5.5.6.5190
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they ca
6.5MEDIUM
 CVE-2025-54163
>= 5.5.6.4691 and < 5.5.6.5190
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator a
4.9MEDIUM
 CVE-2025-54162
>= 5.5.6.4691 and < 5.5.6.5190
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, th
4.9MEDIUM
 CVE-2025-54161
>= 5.5.6.4691 and < 5.5.6.5190
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
4.9MEDIUM
 CVE-2025-54155
>= 5.5.6.4691 and < 5.5.6.5190
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
4.9MEDIUM
 CVE-2025-57706
>= 5.5.6.4691 and < 5.5.6.5018
A cross-site scripting (XSS) vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account,
5.4MEDIUM
 CVE-2025-53413
>= 5.5.6.4691 and < 5.5.6.5018
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
6.5MEDIUM
 CVE-2025-53412
>= 5.5.6.4691 and < 5.5.6.5018
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-53411
>= 5.5.6.4691 and < 5.5.6.5018
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
4.9MEDIUM
 CVE-2025-53410
>= 5.5.6.4691 and < 5.5.6.5018
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
6.5MEDIUM
 CVE-2025-53409
>= 5.5.6.4691 and < 5.5.6.5018
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
6.5MEDIUM
 CVE-2025-53408
>= 5.5.6.4691 and < 5.5.6.5018
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-52865
>= 5.5.6.4691 and < 5.5.6.5018
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-47207
>= 5.5.6.4691 and < 5.5.6.5018
A NULL pointer dereference vulnerability has been reported to affect several product versions. If a remote attacker gains a user a
6.5MEDIUM
 CVE-2025-29900
>= 5.5.6.4691 and < 5.5.6.4907
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
6.5MEDIUM
 CVE-2025-29899
>= 5.5.6.4691 and < 5.5.6.4907
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
6.5MEDIUM
 CVE-2025-29890
>= 5.5.6.4691 and < 5.5.6.4907
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote atta
6.5MEDIUM
 CVE-2025-29889
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29888
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29886
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29879
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29878
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29875
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29874
>= 5.5.6.4691 and < 5.5.6.4907
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-29901
>= 5.5.6.4691 and < 5.5.6.4933
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, th
6.5MEDIUM
 CVE-2025-47206
>= 5.5.6.4691 and < 5.5.6.4933
An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they c
8.1HIGH
 CVE-2025-33035
>= 5.5.6.4691 and < 5.5.6.4847
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can th
6.5MEDIUM
 CVE-2025-33031
>= 5.5.6.4691 and < 5.5.6.4847
An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user acc
8.8HIGH
 CVE-2025-30279
>= 5.5.6.4691 and < 5.5.6.4847
An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user ac
8.8HIGH
 CVE-2025-29885
>= 5.5.6.4691 and < 5.5.6.4791
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could
8.8HIGH
 CVE-2025-29884
>= 5.5.6.4691 and < 5.5.6.4791
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could
8.8HIGH
 CVE-2025-29883
>= 5.5.6.4691 and < 5.5.6.4791
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could
8.8HIGH
 CVE-2025-29877
>= 5.5.6.4691 and < 5.5.6.4847
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, t
7.5HIGH
 CVE-2025-29876
>= 5.5.6.4691 and < 5.5.6.4847
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, t
7.5HIGH
 CVE-2025-29873
>= 5.5.6.4691 and < 5.5.6.4847
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, t
7.5HIGH
 CVE-2025-29872
>= 5.5.6.4691 and < 5.5.6.4847
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote att
7.5HIGH
 CVE-2025-29871
>= 5.5.6.4691 and < 5.5.6.4847
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator accoun
5.5MEDIUM
 CVE-2025-22490
>= 5.5.6.4691 and < 5.5.6.4847
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, t
7.5HIGH
 CVE-2025-22486
>= 5.5.6.4691 and < 5.5.6.4791
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could
8.8HIGH
 CVE-2024-48864
>= 5.5.6.4691 and < 5.5.6.4741
A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the
9.1CRITICAL
 CVE-2018-13288
>= 1.1 and < 1.1.5-0125
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 all
5.3MEDIUM
 CVE-2018-8923
< 1.1.4-0122
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authentica
6.5MEDIUM
 CVE-2017-15893
< 1.1.1-0099
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authent
6.5MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin