CVE-2024-14024

Severity CVSS v4.0:

LOW

Type:

CWE-295 Improper Certificate Validation

Publication date:

11/03/2026

Last modified:

11/03/2026

Description

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> Video Station 5.8.2 and later

Impact

Vector 4.0

CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:U CVSS v4.0 Severity and Metrics:

Base Score: 0.10 LOW
Vector: CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:U

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): None
Integrity (VI): Low
Availability (VA): Low
Confidentiality (SC): None
Integrity (SI): Low
Availability (SA): Low
Exploit Maturity (E): Unreported

Base Score 4.0

0.10

Severity 4.0

LOW

References to Advisories, Solutions, and Tools

https://www.qnap.com/en/security-advisory/qsa-24-24