Security ID : QSA-23-55
Multiple Vulnerabilities in Video Station
Release date : January 6, 2024
CVE identifier : CVE-2023-41287 | CVE-2023-41288
Affected products: Video Station 5.7.x
Severity
Important
Status
Resolved
Summary
Multiple vulnerabilities have been reported to affect Video Station:
- CVE-2023-41287: If exploited, the SQL injection vulnerability could allow users to inject malicious code via a network.
- CVE-2023-41288: If exploited, the OS command injection vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Video Station 5.7.x | Video Station 5.7.2 (2023/11/23) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Video Station" and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: Vladimir Meier and Thomas Dewaele (Bugscale SA)
Revision History:
V1.0 (January 06, 2024) - Published
