CVE-2013-0143
Summary
| CVE | CVE-2013-0143 |
|---|---|
| State | PUBLISHED |
| Assigner | certcc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-06-07 20:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
SingleConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:S/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Qnap | Nas | - | All | All | All |
| Application | Qnap | Surveillance Station Pro | - | All | All | All |
| Hardware | Qnap | Viostor Network Video Recorder | - | All | All | All |
| Operating System | Qnap | Viostor Network Video Recorder | 4.0.3 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#927644 - QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.