{"cve":{"cve_id":"CVE-2024-14024","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00077,"epss_percentile":0.00161,"epss_as_of":"2026-06-23","description":"An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.2 and later","published_at":"2026-03-11T08:02:03.876000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":0.1,"cvss_v4_vector":"CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:U","cvss_v4_severity":"LOW","ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-295"],"nvd_references":["https://www.qnap.com/en/security-advisory/qsa-24-24"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:51:37.090696Z"},"effective_severity":"LOW","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"P","value_label":"Physical"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"L","value_label":"Low"},{"metric":"SA","name":"Availability (Subsequent System)","value":"L","value_label":"Low"},{"metric":"E","name":"E","value":"U","value_label":"Unchanged"}]},"affected":[{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"video-station","product_name":"Video Station","version_start":"5.8.x","version_start_inclusive":true,"version_end":"5.8.2","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:video-station:5.8.x:5.8.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-24-24","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-03-11T08:02:03.876000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:32:52.374524Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:32:52.374524Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:32:52.374524Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:51:37.090696Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:51:37.090696Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:51:37.090696Z","label":"SSVC decision revised","source":"vulnrichment"}]}