Primary

Context

QNAP VioStor Improper Authentication Vulnerability Allowing Remote System Compromise

Vulnerability

Patched

An improper authentication vulnerability has been identified in QNAP VioStor NVR systems running QVR 5.1.x. This vulnerability allows remote attackers to compromise the security of the system. The issue has been resolved in VioStor version 5.1.6 build 20250621 and later.

Impact

Exploitation of this vulnerability can lead to unauthorized access and compromise of the affected system's security.

Remediation

Users are advised to update to VioStor version 5.1.6 build 20250621 or later. Instructions for updating the QVR firmware on legacy VioStor NVR can be found on the QNAP website.

Added: Aug 29, 2025, 6:38 PM

Updated: Aug 29, 2025, 6:38 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP VioStor Improper Authentication Vulnerability Allowing Remote System Compromise

Vulnerability

Impact

Remediation

Affected Products

QNAP QVR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating