Lucene search

[email protected]NVD:CVE-2023-47563

HistorySep 06, 2024 - 5:15 p.m.

CVE-2023-47563

2024-09-0617:15:12

CWE-77

CWE-78

[email protected]

web.nvd.nist.gov

command injection

video station

vulnerability

authenticated users

network

fixed

version 5.8.2

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.9%

JSON

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.

We have already fixed the vulnerability in the following version:
Video Station 5.8.2 and later

Affected configurations

Nvd

Node

qnapvideo_stationRange5.0.0–5.8.2

VendorProductVersionCPE
qnapvideo_station*cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	video_station	*	cpe:2.3:a:qnap:video_station::::::::

References

www.qnap.com/en/security-advisory/qsa-24-24

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.9%

JSON

Related for NVD:CVE-2023-47563

vulnrichment1 cve1 cvelist1 openvas1