Multiple vulnerabilities in STEALTHONE D220/D340/D440

Overview Network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20016 OS Command Injection CWE-78 - CVE-2025-20055 SQL Injection CWE-89 - CVE-2025-20620 Chuya Hayakawa and Ryo Kamino of...

CVE-2025-20620

SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page...

The vulnerability of the web interface for managing microprogramming software-based network storage devices STEALTHONE D220 and D340 allows a intruder to gain unauthorized access to protected information.

The vulnerability of the web interface for managing microprogramming software-based network storage devices STEALTHONE D220 and D340 is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...

The vulnerability of the microprogrammed software for the STEALTHONE D220 and D340 network storage devices arises from the lack of measures taken to neutralize the special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.

The vulnerability of the microprogrammed network storage systems STEALTHONE D220 and D340 is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2025-20620

SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page...

STEALTHONE多款产品 操作系统命令注入漏洞

The STEALTHONE D220 is a network storage server from STEALTHONE. An operating system command injection vulnerability exists in various STEALTHONE products, which can be exploited to execute arbitrary OS commands by a user with administrative privileges who can log in to the web administration pag...

STEALTHONE D220和STEALTHONE D340 操作系统命令注入漏洞

The STEALTHONE D220 and STEALTHONE D340 are both network storage servers from STEALTHONE. An operating system command injection vulnerability exists in the STEALTHONE D220 and STEALTHONE D340, which can be exploited to execute arbitrary operating system commands by an attacker with access to the...

PT-2025-1295 · Y'S · Stealthone D220 +1

Name of the Vulnerable Software and Affected Versions: STEALTHONE D220/D340 versions up to 6.03.02 Description: The issue is related to an OS command injection vulnerability in the network storage servers STEALTHONE D220/D340 provided by Y'S corporation. This vulnerability may allow a remote...

PT-2025-1296 · Unknown · Stealthone D220/D340

Name of the Vulnerable Software and Affected Versions: STEALTHONE D220/D340 versions up to 6.03.02 Description: A SQL Injection vulnerability exists in the STEALTHONE D220/D340, allowing an attacker who can access the affected product to obtain the administrative password of the web management...