Video Station
CVE-2023-34976

10CRITICAL

Key Information:

Vendor: QNAP
Status: Video Station
Vendor: CVE Published:; 13 October 2023

What is CVE-2023-34976?

A SQL injection vulnerability has been identified in QNAP's Video Station, enabling authenticated users to potentially inject malicious code through network interactions. This flaw could lead to unauthorized access to sensitive data and exploitation of the affected system. QNAP has addressed this issue in the release of Video Station version 5.7.0 on July 27, 2023, and users are strongly encouraged to upgrade to this version or later to mitigate risks.

Affected Version(s)

Video Station 5.7.x < 5.7.0 ( 2023/07/27 )

References

https://www.qnap.com/en/security-advisory/qsa-23-52

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Jun 8, 2023

Credit

Kaibro

CVE-2023-34976 Data

JSON