CVE-2023-34976

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 13, 2023

Updated: Oct 18, 2023

CWE ID 89

Summary

CVE-2023-34976 is a SQL injection vulnerability that has been identified in Video Station. This issue enables authenticated users to inject malicious code into the network, potentially leading to security breaches. The flaw has been addressed in Video Station version 5.7.0, released on July 27, 2023, and subsequent updates. It is crucial for users to apply these patches promptly to mitigate the associated risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QNAP Video Station

Affected Vendors

QNAP Systems

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rzlEn5
https://www.cve.org/CVERecord?id=CVE-2023-34976
https://nvd.nist.gov/vuln/detail/CVE-2023-34976

Back to Vulnerability Database