NAS (QNAP) Vulnerability scope

PLEASE NOTE: As of July 15th, 2020, we do no longer accept QNAP vulnerabilities. In the meantime, check out our full scope for the complete list of eligible items.

This page will be updated once QNAP is once again eligible.

QNAP’s Network Attached Storages are becoming increasingly popular for backup, storage and streaming and with their rise – comes a potential risk.

Think you figured out how to run unauthenticated commands on the device? We are looking for you! 


We are currently looking for the following items on QNAP’s Network Attached Storage:

  • Code/command execution
  • Authentication bypass
  • Buffer Overflow vulnerability
  • Command Injection vulnerability


Found something not on this list? We still want to buy it!