Search

Security ID : QSA-21-21

Command Injection Vulnerability in Video Station

  • Release date : June 3, 2021

  • CVE identifier : CVE-2021-28812

  • Affected products: QNAP NAS running Video Station

Severity

Important

Status

Resolved

Summary

A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.


We have already fixed the issue in the following versions:

  • QTS 4.5.2: Video Station 5.5.4 and later
  • QuTS hero h4.5.2: Video Station 5.5.4 and later
  • QuTScloud c4.5.4: Video Station 5.5.4 and later

QNAP NAS running the following versions are not affected:

  • QTS 4.3.6: Video Station 5.3.11 and later
  • QTS 4.3.3: Video Station 5.1.6 and later

Recommendation

To fix the vulnerability, we recommend updating Video Station to the latest version.


Updating Video Station

  1. Log on to QTS or QuTS hero as administrator.
  2. Open the App Center and then click .
    A search box appears.
  3. Type “Video Station” and then press ENTER.
    Video Station appears in the search results.
  4. Click Update.
    A confirmation message appears.
    Note: The Update button is not available if your Video Station is already up to date.
  5. Click OK.
    The application is updated.

Acknowledgements: Thomas Fady

Revision History: V1.0 (June 3, 2021) - Published

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top