CVE-2023-47563Command Injection in Systems INC Video Station

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA7.4
EPSS
0.7%
top 28.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Video StationQnap Video Station
Timeline
PublishedSep 6

Description

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDqnap/video_station5.0.05.8.2
CVEListV5qnap_systems_inc/video_station5.8.x5.8.2

🔴Vulnerability Details

2
CVEList
Video Station2024-09-06
GHSA
GHSA-j3f7-j487-wx5j: An OS command injection vulnerability has been reported to affect Video Station2024-09-06
CVE-2023-47563 — Command Injection | cvebase