Video Station
CVE-2023-41288

8.8HIGH

Key Information:

Vendor: QNAP
Status: Video Station
Vendor: CVE Published:; 5 January 2024

Summary

An OS command injection vulnerability has been identified within QNAP's Video Station. If exploited, this vulnerability could permit unauthorized users to execute arbitrary commands through network access. The issue has been addressed in Video Station version 5.7.2, released on November 23, 2023, which includes critical security enhancements to mitigate potential exploits.

Affected Version(s)

Video Station 5.7.x < 5.7.2 ( 2023/11/23 )

References

https://www.qnap.com/en/security-advisory/qsa-23-55

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2024
Vulnerability Reserved
Aug 28, 2023

Credit

Vladimir Meier and Thomas Dewaele (Bugscale SA)