Video Station Security Vulnerabilities

CVE-2023-43534

Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access...

CVE-2023-41287

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and...

CVE-2023-41288

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and...

CVE-2023-34977

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and...

CVE-2023-34975

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud c5.1.x is not affected. We have already fixed the vulnerability in the...

CVE-2023-34976

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and...

CVE-2023-21405

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors.....

CVE-2013-0143

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query...

CVE-2013-0142

QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified...

CVE-2021-44055

An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following...

CVE-2021-44056

An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station...

CVE-2021-28812

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4....

CVE-2021-33181

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified...

CVE-2019-7184

This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest...

CVE-2017-13071

QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and...

CVE-2017-9556

Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title...

CVE-2015-9105

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of...

CVE-2015-6912

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to...

CVE-2015-6911

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to...

CVE-2015-6910

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to...