Skip to main content

Video Station EUVDEUVD-2025-32088

| CVE-2024-56804 HIGH
SQL Injection (CWE-89)
2025-10-03 security@qnapsecurity.com.tw
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:25 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
5.8.4
EUVD ID Assigned
Mar 13, 2026 - 19:29 euvd
EUVD-2025-32088
Analysis Generated
Mar 13, 2026 - 19:29 vuln.today
CVE Published
Oct 03, 2025 - 18:15 nvd
HIGH 8.8

DescriptionCVE.org

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

Analysis

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.

We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

Technical ContextAI

SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.

RemediationAI

Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.

CVE-2015-6912 CRITICAL POC
10.0 Sep 11

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharact

CVE-2015-6911 HIGH POC
7.5 Sep 11

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL c

CVE-2015-6910 HIGH POC
7.5 Sep 11

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL c

CVE-2017-13071 CRITICAL
9.8 Nov 22

QNAP has already patched this vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2021-33181 CRITICAL
9.1 Jun 01

Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows

CVE-2023-41288 HIGH
8.8 Jan 05

An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vu

CVE-2023-34976 HIGH
8.8 Oct 13

A SQL injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-34975 HIGH
8.8 Oct 13

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev

CVE-2021-28812 HIGH
8.8 Jun 03

A command injection vulnerability has been reported to affect certain versions of Video Station. Rated high severity (CV

CVE-2024-14025 MEDIUM
6.7 Mar 11

An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who

CVE-2024-14024 MEDIUM
6.7 Mar 11

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local n

CVE-2015-9105 MEDIUM
5.4 Jun 30

Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772,

Share

EUVD-2025-32088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy