Описание
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected.
We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later
Уязвимые конфигурации
Конфигурация 1Версия до 5.7.0 (исключая)
cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
6.6 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-78
CWE-89
Связанные уязвимости
CVSS3: 7.4
github
больше 2 лет назад
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
EPSS
Процентиль: 24%
0.00081
Низкий
6.6 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-78
CWE-89