PT-2022-3455 · Qnap · Video Station

Thomas Fady

Published

2022-05-05

Updated

2022-05-13

CVE-2021-44056

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Video Station versions prior to 5.1.8 Video Station versions prior to 5.3.13 Video Station versions prior to 5.5.9

Description An improper authentication issue affects QNAP devices running Video Station, allowing attackers to compromise system security by exploiting the vulnerability. This issue is related to deficiencies in the authentication procedure, which can be exploited by a remote attacker to elevate their privileges.

Recommendations For versions prior to 5.1.8, update to Video Station 5.1.8 or later. For versions prior to 5.3.13, update to Video Station 5.3.13 or later. For versions prior to 5.5.9, update to Video Station 5.5.9 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2022-04233

CVE-2021-44056

Affected Products

Video Station

PT-2022-3455 · Qnap · Video Station

CVE-2021-44056

Weakness Enumeration

Related Identifiers

Affected Products

References · 5