CVE-2024-14025

Video Station

CVSS 0.1 LOWEPSS 0.1%CWE-89

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 0.1EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Mar 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:U

Affected products

QNAP Systems Inc. · Video Station

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.qnap.com/en/security-advisory/qsa-24-24