Qnap Systems Inc. Video Station vulnerabilities

CVE-2024-14024 [LOW] CWE-295 CVE-2024-14024: An improper certificate validation vulnerability has been reported to affect Video Station. If an at An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and

CVE-2024-14025 [LOW] CWE-89 CVE-2024-14025: An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVE-2024-56804 [MEDIUM] CWE-89 CVE-2024-56804: An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

CVE-2023-47563 [HIGH] CWE-77 CVE-2023-47563: An OS command injection vulnerability has been reported to affect Video Station. If exploited, the v An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVE-2023-50360 [HIGH] CWE-89 CVE-2023-50360: A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerabi A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later

CVE-2023-41287 [MEDIUM] CWE-89 CVE-2023-41287: A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerabi A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later

CVE-2023-41288 [HIGH] CWE-78 CVE-2023-41288: An OS command injection vulnerability has been reported to affect Video Station. If exploited, the v An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later

CVE-2023-34976 [CRITICAL] CWE-89 CVE-2023-34976: A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerabi A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later

CVE-2023-34977 [MEDIUM] CWE-79 CVE-2023-34977: A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later

CVE-2021-44055 [MEDIUM] CWE-862 CVE-2021-44055: An missing authorization vulnerability has been reported to affect QNAP device running Video Station An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02

CVE-2021-44056 [HIGH] CWE-287 CVE-2021-44056: An improper authentication vulnerability has been reported to affect QNAP device running Video Stati An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Stati

CVE-2021-28812 [HIGH] CWE-77 CVE-2021-28812: A command injection vulnerability has been reported to affect certain versions of Video Station. If A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTSclou