CVE-2023-41288 — OS Command Injection in Systems INC Video Station

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 59.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Video Station Qnap Video Station

Timeline

PublishedJan 5

Description

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDqnap/video_station5.7.0 — 5.7.2

▶CVEListV5qnap_systems_inc/video_station5.7.x — 5.7.2 ( 2023/11/23 )

🔴Vulnerability Details

CVEList

Video Station↗2024-01-05

▶

GHSA

GHSA-frmj-qjf3-xxj4: An OS command injection vulnerability has been reported to affect Video Station↗2024-01-05

▶