PT-2025-1295 · Y'S · Stealthone D340+1
Chuya Hayakawa
+1
·
Published
2025-01-06
·
Updated
2025-01-16
·
CVE-2025-20055
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
STEALTHONE D220/D340 versions up to 6.03.02
Description
The issue is related to an OS command injection vulnerability in the network storage servers STEALTHONE D220/D340 provided by Y'S corporation. This vulnerability may allow a remote attacker to execute arbitrary OS commands if they can access the affected product.
Recommendations
For STEALTHONE D220/D340 versions up to 6.03.02, update to a version later than 6.03.02 to resolve the issue.
As a temporary workaround, consider restricting access to the affected product to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stealthone D220
Stealthone D340