Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Analysis
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later
Technical ContextAI
Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.
RemediationAI
Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.
More in Qsync Central
View allAn out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the
SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or com
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or m
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-32087