CVE-2013-0143
Published Jun 7, 2013
Last updated 11 years ago
Overview
- Description
- cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
- Source
- cret@cert.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D19104D8-ECF5-4990-90D2-EE9C30282181"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qnap:viostor_network_video_recorder:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "181489DB-7A64-49C5-A362-55D506AFBCA7"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:surveillance_station_pro:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99295443-CEBD-47C9-A01B-5C5E8E5A4282"
},
{
"criteria": "cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C76690-809E-4A12-BF56-D713DD49ED27"
}
],
"operator": "OR"
}
]
}
]