Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
QNAP Systems

QNAP Systems Vendor Cyber Rating & Cyber Score

qnap.com

QNAP Systems, Inc., headquartered in Taipei, Taiwan, provides a comprehensive range of cutting-edge Network-attached Storage (NAS) and video surveillance solutions based on the principles of usability, high security, and flexible scalability. QNAP offers quality NAS products for home and business users, providing solutions for storage, backup/snapshot, virtualization, teamwork, multimedia, and more. QNAP envisions NAS as being more than "simple storage"​, and has created many NAS-based innovations to encourage users to host and develop Internet of Things, artificial intelligence, and machine learning solutions on their QNAP NAS.


QNAP Systems A.I CyberSecurity Scoring

QNAP Systems
Company Information
Website:http://www.qnap.com
Employees number:844
Number of followers:15,954
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:qnap.com
QNAP Systems Risk Score (AI oriented)
Between 700 and 749
logo
QNAP SystemsIT Services and IT Consulting
Updated:
01/04/2026
715/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
QNAP Systems Global Score (TPRM)
xxxx
logo
QNAP SystemsIT Services and IT Consulting
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

QNAP Systems
QNAP SystemsModerate
Current Score
715Ba (MODERATE)
01000
3 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
718Before Incident
JUNE 2026
718Before Incident
MAY 2026
717Before Incident
APRIL 2026
716Before Incident
MARCH 2026
720Before Incident
Vulnerability
23 Mar 2026QNAP Systems
QNAP: Critical QNAP QVR Pro Vulnerability Let Remote Attackers Gain Access to the System

Critical QNAP QVR Pro Vulnerability Exposes Surveillance Systems to Remote Attacks

715After Incident
CRITICAL-5
QNA1774290227
Critical QNAP QVR Pro Vulnerability Exposes Surveillance Systems to Remote Attacks QNAP has issued an urgent security advisory addressing a severe vulnerability (CVE-2026-22898) in its QVR Pro surveillance software, which allows unauthenticated remote attackers to gain unauthorized access to affected systems. The flaw, discovered by security researchers at FuzzingLabs, stems from a missing authentication check in critical functions of the QVR Pro application, enabling threat actors to bypass access controls entirely. Affected versions include QVR Pro 2.7.x, and exploitation could grant attackers control over surveillance configurations, live or recorded video feeds, and even lateral movement to other connected devices on the network. Given that network-attached storage (NAS) devices are prime targets for ransomware, botnets, and data extortion, unpatched systems face heightened risks of full compromise and malicious payload deployment. QNAP has released a patch in version 2.7.4.1485, which restores proper authentication checks. Administrators are advised to update immediately via the QTS or QuTS hero interface by navigating to the App Center, locating QVR Pro, and installing the latest version. Successful patch installation should be verified to ensure protection against exploitation.
INCIDENT DETAILS -
TYPE
Vulnerability Exploitation
IMPACT
Data Compromised: Surveillance configurations, live/recorded video feedsSystems Affected: QVR Pro surveillance software (versions 2.7.x)Operational Impact: Unauthorized access to surveillance systems, potential lateral movement to connected devices
DATA BREACH
Type Of Data Compromised: Surveillance data (video feeds, configurations)Sensitivity Of Data: High (surveillance footage, system access)
FEBRUARY 2026
719Before Incident
JANUARY 2026
718Before Incident
DECEMBER 2025
717Before Incident
NOVEMBER 2025
717Before Incident
OCTOBER 2025
716Before Incident
SEPTEMBER 2025
715Before Incident
AUGUST 2025
714Before Incident
JUNE 2025
716Before Incident
Vulnerability
16 Jun 2025QNAP Systems
QNAP Systems

Critical Unquoted Search Path Vulnerability in QNAP NetBak Replicator (CVE-2025-57714)

711After Incident
HIGH-5
QNA2132421100625
QNAP Systems disclosed CVE-2025-57714, a critical unquoted search path vulnerability in its NetBak Replicator 4.5.x backup software for Windows. The flaw allows local attackers with standard user access to execute arbitrary code by exploiting improperly quoted directory paths containing spaces. By inserting a malicious executable into a higher-priority path, attackers can hijack the execution flow when the legitimate NetBak Replicator program runs, leading to privilege escalation (potentially to admin level), persistence, and lateral movement across networks.The vulnerability poses a high risk in shared environments (e.g., terminal servers, VDIs, or multi-admin systems), where an attacker could chain this with other exploits to compromise entire infrastructures. While no direct data breach or ransomware is reported, the flaw enables unauthorized code execution, which could facilitate follow-on attacks like data theft, backdoor installation, or system takeover. QNAP patched the issue in version 4.5.15.0807, urging immediate updates alongside defense-in-depth measures (access controls, intrusion detection, and path audits).
INCIDENT DETAILS -
TYPE
VulnerabilityPrivilege EscalationArbitrary Code Execution
IMPACT
Windows systems running NetBak Replicator 4.5.xPotential privilege escalationPersistenceLateral movement risk in shared environments (e.g., terminal servers, VDI)Potential reputational damage due to unpatched systems
APRIL 2021
755Before Incident
Ransomware
01 Apr 2021QNAP Systems
QNAP Systems

QNAP NAS Devices Targeted by Qlocker and eCh0raix Ransomware

646After Incident
CRITICAL-109
QNA2236181122
Multiple devices from QNAP, a Taiwanese company specialising in NAS storage, was targeted by two types of ransomware, called Qlocker and eCh0raix, that aimed at encrypting their NAS devices for ransom. These two ransomware used the 7zip protocol to encrypt data, created password-protected files and demanded a ransom. With this method, it is possible to recover data from the logs used by 7zip, as long as the computer has not been shut down or restarted. However, QNAP updated its 'Malware Remover' tool to run on affected computers, facilitating the process and recommending contacting technical support. It has also updated various applications used on its devices.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Systems Affected: NAS devices

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for QNAP Systems ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in June 2026 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in May 2026 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in April 2026 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in March 2026 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in February 2026 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in January 2026 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in December 2025 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in November 2025 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in October 2025 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in September 2025 ?
?
What was QNAP Systems's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on QNAP Systems's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with QNAP Systems ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view QNAP Systems's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?