Skip to main content

Qunetswitch

5 CVEs product

Monthly

CVE-2026-22897 HIGH PATCH This Week

Remote command execution in QuNetSwitch versions prior to 2.0.4.0415 allows unauthenticated attackers to execute arbitrary system commands over the network with no user interaction required. The vulnerability stems from improper input validation in command processing functions, enabling complete system compromise. No patch is currently available for affected versions.

Command Injection Qunetswitch
NVD VulDB
CVSS 4.0
8.1
EPSS
1.1%
CVE-2026-22900 MEDIUM PATCH This Month

QuNetSwitch contains hard-coded credentials that allow remote attackers to bypass authentication and gain unauthorized access to affected systems. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, where credentials are embedded in the application code rather than properly managed through secure credential storage mechanisms. Remote attackers can exploit this weakness without requiring valid user credentials, leading to complete compromise of the network switch management interface.

Authentication Bypass Qunetswitch
NVD VulDB
CVSS 4.0
6.8
EPSS
0.2%
CVE-2026-22901 MEDIUM PATCH This Month

Command injection in QuNetSwitch allows authenticated remote attackers to execute arbitrary commands on affected systems with high impact to confidentiality and integrity. The vulnerability requires valid user credentials to exploit but poses significant risk to systems running versions prior to 2.0.5.0906. No patch is currently available for this CVSS 6.3 medium-severity issue.

Command Injection Qunetswitch
NVD VulDB
CVSS 4.0
6.3
EPSS
1.0%
CVE-2026-22902 MEDIUM PATCH This Month

Arbitrary command execution in QuNetSwitch can be achieved by local attackers with administrator privileges due to insufficient input validation in command processing. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, allowing authenticated high-privilege users to bypass security controls and execute system commands. No patch is currently available for affected versions.

Command Injection Qunetswitch
NVD VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2021-28813 HIGH This Week

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Qsw M2116P 2T2S Firmware Qunetswitch
NVD
CVSS 3.1
7.5
EPSS
1.1%
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote command execution in QuNetSwitch versions prior to 2.0.4.0415 allows unauthenticated attackers to execute arbitrary system commands over the network with no user interaction required. The vulnerability stems from improper input validation in command processing functions, enabling complete system compromise. No patch is currently available for affected versions.

Command Injection Qunetswitch
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

QuNetSwitch contains hard-coded credentials that allow remote attackers to bypass authentication and gain unauthorized access to affected systems. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, where credentials are embedded in the application code rather than properly managed through secure credential storage mechanisms. Remote attackers can exploit this weakness without requiring valid user credentials, leading to complete compromise of the network switch management interface.

Authentication Bypass Qunetswitch
NVD VulDB
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Command injection in QuNetSwitch allows authenticated remote attackers to execute arbitrary commands on affected systems with high impact to confidentiality and integrity. The vulnerability requires valid user credentials to exploit but poses significant risk to systems running versions prior to 2.0.5.0906. No patch is currently available for this CVSS 6.3 medium-severity issue.

Command Injection Qunetswitch
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Arbitrary command execution in QuNetSwitch can be achieved by local attackers with administrator privileges due to insufficient input validation in command processing. This vulnerability affects QuNetSwitch versions prior to 2.0.5.0906, allowing authenticated high-privilege users to bypass security controls and execute system commands. No patch is currently available for affected versions.

Command Injection Qunetswitch
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Authentication Bypass Qsw M2116P 2T2S Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy