CVE-2024-14025

CWE-89SQL Injection3 documents3 sources
Severity
0.1LOW
EPSS
0.0%
top 94.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Video StationQnap Video Station
Timeline
PublishedMar 11

Description

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages2 packages

NVDqnap/video_station5.0.05.8.2
CVEListV5qnap_systems_inc./video_station5.8.x5.8.2

🔴Vulnerability Details

2
CVEList
Video Station2026-03-11
GHSA
GHSA-cf9c-xp8q-h55h: An SQL injection vulnerability has been reported to affect Video Station2026-03-11
CVE-2024-14025 (LOW CVSS 0.1) | An SQL injection vulnerability has | cvebase.io