Primary

Context

Y'S Corporation STEALTHONE D220/D340 OS Command Injection Vulnerability

Vulnerability

Patched

An OS command injection vulnerability has been identified in the STEALTHONE D220 and D340 network storage servers, both of which are affected by firmware versions through 6.03.02. This vulnerability allows an attacker with access to the device to execute arbitrary operating system commands.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected device.

Remediation

Users are advised to update the firmware to the latest version. The updated firmware for the D220 and D340 can be downloaded from the STEALTHONE D Series product page. For the D440 model, the latest firmware is available on the STEALTHONE D440 product page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Y'S Corporation STEALTHONE D220/D340 OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Y'S STEALTHONE D220

Y'S STEALTHONE D340

Y'S STEALTHONE D440

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating