CVE-2024-14025

Severity CVSS v4.0:

LOW

Type:

CWE-89 SQL Injection

Publication date:

11/03/2026

Last modified:

11/03/2026

Description

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.<br /> <br /> We have already fixed the vulnerability in the following version:<br /> Video Station 5.8.2 and later

Impact

Vector 4.0

CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:U CVSS v4.0 Severity and Metrics:

Base Score: 0.10 LOW
Vector: CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:U

Attack Vector (AV): Physical
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): Low
Availability (VA): Low
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): Low
Exploit Maturity (E): Unreported

Base Score 4.0

0.10

Severity 4.0

LOW

References to Advisories, Solutions, and Tools

https://www.qnap.com/en/security-advisory/qsa-24-24