CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44056 – Improper authentication in Video Station
https://notcve.org/view.php?id=CVE-2021-44056
An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later Se ha informado de una vulnerabilidad de autenticación inapropiada que afecta al dispositivo QNAP que ejecuta Video Station. Si es explotada, esta vulnerabilidad permite a atacantes comprometer la seguridad del sistema. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Video Station: Video Station 5.5.9 y posteriores Video Station 5.3.13 y posteriores Video Station 5.1.8 y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44055 – Information leakage in Video Station
https://notcve.org/view.php?id=CVE-2021-44055
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later Se ha informado de una vulnerabilidad de falta de autorización que afecta al dispositivo de QNAP que ejecuta Video Station. Si es explotada, esta vulnerabilidad permite a atacantes remotos acceder a los datos o llevar a cabo acciones que no deberían estar permitidas. Ya hemos corregido esta vulnerabilidad en las siguientes versiones de Video Station: Video Station 5.5.9 ( 2022/02/16 ) y posteriores • https://www.qnap.com/en/security-advisory/qsa-22-14 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28812 – Command Injection Vulnerability in Video Station
https://notcve.org/view.php?id=CVE-2021-28812
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. • https://www.qnap.com/zh-tw/security-advisory/qsa-21-21 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33181
https://notcve.org/view.php?id=CVE-2021-33181
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente webapi en Synology Video Station versiones anteriores a 2.4.10-1632, permite a usuarios autenticados remotos enviar peticiones arbitrarias a los recursos de la intranet por medio de vectores no especificados • https://www.synology.com/security/advisory/Synology_SA_21_04 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-7184
https://notcve.org/view.php?id=CVE-2019-7184
This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Video Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administración del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Video Station a sus últimas versiones. • https://www.qnap.com/zh-tw/security-advisory/nas-201911-27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •