Multiple vulnerabilities in STEALTHONE D220/D340/D440

Overview

STEALTHONE D220/D340/D440 provided by Y’S corporation contain multiple vulnerabilities.

Description

The STEALTHONE D220/D340/D440 network storage servers provided by Y’S corporation contain the multiple vulnerabilities listed below.

  • OS Command Injection (CWE-78)
    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2025-20016
  • OS Command Injection (CWE-78)
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
    • CVE-2025-20055
  • SQL Injection (CWE-89)
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
    • CVE-2025-20620

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Credit

Chuya Hayakawa and Ryo Kamino of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
