CVE-2024-14024

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

0.1LOW

EPSS

0.0%

top 99.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Video Station Qnap Video Station

Timeline

PublishedMar 11

Description

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./video_station5.8.x — 5.8.2

▶NVDqnap/video_station5.0.0 — 5.8.2

🔴Vulnerability Details

GHSA

GHSA-vwf6-h3r8-8jfj: An improper certificate validation vulnerability has been reported to affect Video Station↗2026-03-11

▶

CVEList

Video Station↗2026-03-11

▶