Qnap Systems Inc Media Streaming Add-On vulnerabilities

CVE-2025-59383 [LOW] CWE-121 CVE-2025-59383: A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attac A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later

CVE-2024-56808 [LOW] CWE-78 CVE-2024-56808: A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and

CVE-2024-56807 [LOW] CWE-125 CVE-2024-56807: An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attack An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later

CVE-2024-50395 [MEDIUM] CWE-639 CVE-2024-50395: An authorization bypass through user-controlled key vulnerability has been reported to affect Media An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later

CVE-2023-47220 [MEDIUM] CWE-78 CVE-2023-47220: An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploit An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

CVE-2023-47222 [CRITICAL] CWE-22 CVE-2023-47222: An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-o An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

CVE-2023-23369 [CRITICAL] CWE-77 CVE-2023-23369: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) a

CVE-2021-34362 [HIGH] CWE-78 CVE-2021-34362: A command injection vulnerability has been reported to affect QNAP device running Media Streaming ad A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QT

CVE-2020-36195 [CRITICAL] CWE-20 CVE-2020-36195: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or th An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: