CVE-2020-2509
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
32.8%
p98
KEV
YES
Apr 11, 2022
Exploit Today
79
0-100
Published: — · Last modified: —
32.8%EPSS · 30 days34.2%
2026-06-302026-07-16
Product
QNAP / QNAP Network-Attached Storage (NAS)
Vulnerability
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
Added to KEV
Apr 11, 2022
Remediate by
May 2, 2022
Known ransomware use
No
Summary description
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-2509
No related CVEs by CWE or product.