CVE-2024-14024
Received Received - Intake
Improper Certificate Validation in Video Station Enables System Compromise

Publication date: 2026-03-11

Last updated on: 2026-03-13

Assigner: QNAP Systems, Inc.

Description
An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2024-14024
EUVD
EUVD-2024-55471
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
qnap video_station From 5.0.0 (inc) to 5.8.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

I don't know

Impact Analysis

If exploited, this vulnerability can compromise the security of your system, potentially allowing an attacker with local network access and administrator privileges to bypass security measures or perform unauthorized actions.

Compliance Impact

I don't know

Executive Summary

This vulnerability is an improper certificate validation issue affecting Video Station. It allows an attacker who has both local network access and an administrator account to exploit the flaw and compromise the security of the system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Video Station to version 5.8.2 or later, where the issue has been fixed.

Additionally, ensure that only trusted administrators have access to the local network to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-14024. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart