Security ID : QSA-25-57
Multiple Vulnerabilities in Media Streaming add-on
Release date : February 12, 2026
CVE identifier : CVE-2024-56807 | CVE-2024-56808
Affected products: Media Streaming add-on 500.1.x
Severity
Moderate
Status
Resolved
Summary
Multiple vulnerabilities have been reported to affect Media Streaming add-on:
- CVE-2024-56807: Out-of-bounds read vulnerability
If an attacker gains access to the local network, they can then exploit the vulnerability to obtain secret data. - CVE-2024-56808: Command injection vulnerability
If an attacker gains access to the local network and a user account, they can then exploit the vulnerability to execute arbitrary commands
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Media Streaming add-on 500.1.x | Media Streaming add-on 500.1.1.6 (2024/08/02) and later |
Recommendation
To fix the vulnerabilities, we recommend updating Media Streaming add-on to the latest version.
Updating Media Streaming add-on
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Media Streaming add-on" and then press ENTER.
Media Streaming add-on appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Media Streaming add-on is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: dcs
Revision History:
V1.0 (February 12, 2026) - Published
