QNAP Systems A.I CyberSecurity Scoring
QNAP Systems
Company Information
Website:http://www.qnap.com
Employees number:844
Number of followers:15,954
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:qnap.com
QNAP Systems Risk Score (AI oriented)
Between 700 and 749
QNAP SystemsIT Services and IT Consulting
Updated:
01/04/2026
01/04/2026
715/1000
Moderate
Ba
QNAP Systems Global Score (TPRM)
xxxx
QNAP SystemsIT Services and IT Consulting
Score locked

QNAP SystemsModerate
Current Score
715Ba (MODERATE)
01000
3 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
718
JUNE 2026
718
MAY 2026
717
APRIL 2026
716
MARCH 2026
720
Vulnerability
23 Mar 2026 • QNAP Systems
QNAP: Critical QNAP QVR Pro Vulnerability Let Remote Attackers Gain Access to the System
Critical QNAP QVR Pro Vulnerability Exposes Surveillance Systems to Remote Attacks
715
CRITICAL-5
QNA1774290227
Critical QNAP QVR Pro Vulnerability Exposes Surveillance Systems to Remote Attacks
QNAP has issued an urgent security advisory addressing a severe vulnerability (CVE-2026-22898) in its QVR Pro surveillance software, which allows unauthenticated remote attackers to gain unauthorized access to affected systems. The flaw, discovered by security researchers at FuzzingLabs, stems from a missing authentication check in critical functions of the QVR Pro application, enabling threat actors to bypass access controls entirely.
Affected versions include QVR Pro 2.7.x, and exploitation could grant attackers control over surveillance configurations, live or recorded video feeds, and even lateral movement to other connected devices on the network. Given that network-attached storage (NAS) devices are prime targets for ransomware, botnets, and data extortion, unpatched systems face heightened risks of full compromise and malicious payload deployment.
QNAP has released a patch in version 2.7.4.1485, which restores proper authentication checks. Administrators are advised to update immediately via the QTS or QuTS hero interface by navigating to the App Center, locating QVR Pro, and installing the latest version. Successful patch installation should be verified to ensure protection against exploitation.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
719
JANUARY 2026
718
DECEMBER 2025
717
NOVEMBER 2025
717
OCTOBER 2025
716
SEPTEMBER 2025
715
AUGUST 2025
714
JUNE 2025
716
Vulnerability
16 Jun 2025 • QNAP Systems
QNAP Systems
Critical Unquoted Search Path Vulnerability in QNAP NetBak Replicator (CVE-2025-57714)
711
HIGH-5
QNA2132421100625
QNAP Systems disclosed CVE-2025-57714, a critical unquoted search path vulnerability in its NetBak Replicator 4.5.x backup software for Windows. The flaw allows local attackers with standard user access to execute arbitrary code by exploiting improperly quoted directory paths containing spaces. By inserting a malicious executable into a higher-priority path, attackers can hijack the execution flow when the legitimate NetBak Replicator program runs, leading to privilege escalation (potentially to admin level), persistence, and lateral movement across networks.The vulnerability poses a high risk in shared environments (e.g., terminal servers, VDIs, or multi-admin systems), where an attacker could chain this with other exploits to compromise entire infrastructures. While no direct data breach or ransomware is reported, the flaw enables unauthorized code execution, which could facilitate follow-on attacks like data theft, backdoor installation, or system takeover. QNAP patched the issue in version 4.5.15.0807, urging immediate updates alongside defense-in-depth measures (access controls, intrusion detection, and path audits).
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
APRIL 2021
755
Ransomware
01 Apr 2021 • QNAP Systems
QNAP Systems
QNAP NAS Devices Targeted by Qlocker and eCh0raix Ransomware
646
CRITICAL-109
QNA2236181122
Multiple devices from QNAP, a Taiwanese company specialising in NAS storage, was targeted by two types of ransomware, called Qlocker and eCh0raix, that aimed at encrypting their NAS devices for ransom.
These two ransomware used the 7zip protocol to encrypt data, created password-protected files and demanded a ransom.
With this method, it is possible to recover data from the logs used by 7zip, as long as the computer has not been shut down or restarted.
However, QNAP updated its 'Malware Remover' tool to run on affected computers, facilitating the process and recommending contacting technical support.
It has also updated various applications used on its devices.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for QNAP Systems ??
What was QNAP Systems's A.I Rankiteo Cyber Score in June 2026 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in May 2026 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in April 2026 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in March 2026 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in February 2026 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in January 2026 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in December 2025 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in November 2025 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in October 2025 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in September 2025 ??
What was QNAP Systems's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on QNAP Systems's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with QNAP Systems ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view QNAP Systems's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?