安全ID : QSA-24-24
Vulnerabilities in Video Station
发布日期 : September 7, 2024
通用漏洞披露 : CVE-2023-47563 | CVE-2023-50360 | CVE-2024-14024 | CVE-2024-14025
受影响产品: Video Station 5.x
严重程度
Important
状态
已解决
Summary
Multiple vulnerabilities have been reported to affect Video Station:
- CVE-2023-47563: If exploited, the OS command injection vulnerability could allow remote attackers to execute arbitrary commands on the operating system through the application's input.
- CVE-2023-50360: If exploited, the SQL injection vulnerability could allow attackers to inject malicious code.
- CVE-2024-14024: If an attacker gains local network access and has also gained an administrator account, they can then exploit the improper certificate validation vulnerability to compromise the security of the system.
- CVE-2024-14025: If an attacker gains local network access and has also gained an administrator account, they can then exploit the SQL injection vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Video Station 5.x | Video Station 5.8.2 and later |
Recommendation
To fix the vulnerabilities, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Video Station" and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The application is updated.
附件
致谢:
lebr0nli (Alan Li), working with DEVCORE Internship Program for CVE-2023-47563
Kaibro and Anonymous for CVE-2023-50360
修订历史:
V1.0 (September 07, 2024) - Published
V1.0 (March 11, 2026) - Update CVE-2024-14024, CVE-2024-14025
