Primary

Context

Y'S Corporation STEALTHONE D220/D340/D440 OS Command Injection Vulnerability

Vulnerability

Patched

An OS command injection vulnerability has been identified in network storage servers STEALTHONE D220, D340, and D440, all provided by Y'S Corporation. This vulnerability affects users with administrative privileges who are logged into the web management interface. The flaw allows these users to execute arbitrary operating system commands.

Impact

Exploitation of this vulnerability allows users with administrative privileges to execute arbitrary OS commands on the affected device.

Remediation

Users are advised to update the firmware to the latest version. The updated firmware for the D220 and D340 is v6.03.03, and for the D440, it is v7.00.11. Firmware packages can be downloaded from the Y'S Corporation website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Y'S Corporation STEALTHONE D220/D340/D440 OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Y'S STEALTHONE D220

Y'S STEALTHONE D340

Y'S STEALTHONE D440

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating