Description
A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes.

We have already fixed the vulnerability in the following version:
Media Streaming Add-on 500.1.1 and later
Published: 2026-03-20
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Potential memory corruption leading to crashes or process instability
Action: Apply Patch
AI Analysis

Impact

A buffer overflow in the Media Streaming Add‑on allows an attacker to corrupt memory, which can lead to application crashes or potentially allow the attacker to modify program execution. The vulnerability is defined as CWE‑121, indicating an unsafe write beyond array bounds that can alter program state.

Affected Systems

QNAP Systems Inc.’s Media Streaming Add‑on is affected. All releases before version 500.1.1 contain the flaw; the issue is resolved in 500.1.1 and later."

Risk and Exploitability

The CVSS score of 2.7 classifies this as low severity. No EPSS data is available, and the vulnerability is not listed in KEV. The attack vector is inferred to be remote, as the description states that remote attackers can exploit the flaw to disturb memory or crash processes. Exploitation would likely require legitimate network access to the add‑on, and success would result in denial‑of‑service or potential memory corruption but not immediate remote code execution.

Generated by OpenCVE AI on March 20, 2026 at 17:22 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later

OpenCVE Recommended Actions

  • Upgrade the Media Streaming Add‑on to version 500.1.1 or newer.

Generated by OpenCVE AI on March 20, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
First Time appeared Qnap
Qnap media Streaming Add-on
CPEs cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*
Vendors & Products Qnap
Qnap media Streaming Add-on
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Qnap Systems
Qnap Systems media Streaming Add-on
Vendors & Products Qnap Systems
Qnap Systems media Streaming Add-on

Fri, 20 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later
Title Media Streaming Add-on
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Qnap Media Streaming Add-on
Qnap Systems Media Streaming Add-on
cve-icon MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-03-25T14:00:24.616Z

Reserved: 2025-09-15T08:35:00.660Z

Link: CVE-2025-59383

cve-icon Vulnrichment

Updated: 2026-03-25T14:00:20.876Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T17:16:42.007

Modified: 2026-04-14T01:17:24.170

Link: CVE-2025-59383

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:29:04Z

Weaknesses