QNAP HybridDesk Station Command Injection Vulnerability

Vulnerability

A command injection vulnerability exists in QNAP HybridDesk Station versions 4.2.x. This vulnerability allows attackers with local network access to execute arbitrary commands on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the device.

Remediation

Users are advised to update HybridDesk Station to version 4.2.18 or later. Instructions for updating the application are available on the QNAP website.

Added: Aug 29, 2025, 6:19 PM
Updated: Aug 29, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.