Video Station
CVE-2023-41287

4.3MEDIUM

Key Information:

Vendor: QNAP
Status: Video Station
Vendor: CVE Published:; 5 January 2024

Summary

A SQL injection vulnerability has been identified in QNAP Video Station, potentially allowing attackers to execute arbitrary SQL commands through malicious input sent over a network. This vulnerability compromises the integrity and security of the application, offering a pathway for unauthorized actions that could impact user data and privacy. QNAP has addressed this issue in the updated version 5.7.2, released on 2023/11/23, ensuring protection against such threats.

Affected Version(s)

Video Station 5.7.x < 5.7.2 ( 2023/11/23 )

References

https://www.qnap.com/en/security-advisory/qsa-23-55

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Aug 28, 2023

Credit

Vladimir Meier and Thomas Dewaele (Bugscale SA)