Video Station OS Command Injection Vulnerability
CVE-2023-47563

8.8HIGH

Key Information:

Vendor: QNAP
Status: Video Station
Vendor: CVE Published:; 6 September 2024

Summary

An OS command injection vulnerability exists in QNAP's Video Station, allowing authenticated users to potentially execute arbitrary commands over the network. This may expose the system to unauthorized actions, jeopardizing the integrity and security of the video data managed by the application. Users are recommended to upgrade to Video Station version 5.8.2 or later, where the issue has been addressed.

Affected Version(s)

Video Station 5.8.x < 5.8.2

References

https://www.qnap.com/en/security-advisory/qsa-24-24

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Nov 6, 2023

Credit

lebr0nli (Alan Li), working with DEVCORE Internship Program