Qnap: >> Video Station >> 5.6.0 Security Vulnerabilities
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.2 and later
CVSS Score
7.4
EPSS Score
0.009
Published
2024-09-06
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.1 ( 2024/02/26 ) and later
CVSS Score
8.8
EPSS Score
0.001
Published
2024-09-06
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud c5.1.x is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later
CVSS Score
6.6
EPSS Score
0.001
Published
2023-10-13
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-13
A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
CVSS Score
4.6
EPSS Score
0.002
Published
2023-10-13