安全ID : QSA-21-21
Command Injection Vulnerability in Video Station
发布日期 : June 3, 2021
通用漏洞披露 : CVE-2021-28812
受影响产品: QNAP NAS running Video Station
严重程度
Important
状态
已解决
Summary
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.
We have already fixed the issue in the following versions:
- QTS 4.5.2: Video Station 5.5.4 and later
- QuTS hero h4.5.2: Video Station 5.5.4 and later
- QuTScloud c4.5.4: Video Station 5.5.4 and later
QNAP NAS running the following versions are not affected:
- QTS 4.3.6: Video Station 5.3.11 and later
- QTS 4.3.3: Video Station 5.1.6 and later
Recommendation
To fix the vulnerability, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as administrator.
- Open the App Center and then click
.
A search box appears. - Type “Video Station” and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The application is updated.
致谢: Thomas Fady
修订历史: V1.0 (June 3, 2021) - Published
