CVE-2023-34975: QTS, QuTS hero, QuTScloud
First published: Fri Oct 13 2023(Updated: )
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
Credit: security@qnapsecurity.com.tw security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP Video Station | <5.7.0 |
Remedy
We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2023-34975.
What software is affected by this vulnerability?
The software affected by this vulnerability is QNAP Video Station.
What is the severity of CVE-2023-34975?
The severity of CVE-2023-34975 is high, with a severity value of 8.8.
How can this vulnerability be exploited?
This vulnerability can be exploited by authenticated users injecting malicious code via a network.
How can I fix CVE-2023-34975?
To fix CVE-2023-34975, upgrade to Video Station 5.7.0 (2023/07/27) or later versions.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/title
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/qnap
- canonical/qnap video station