CVE-2013-0143
Summary
| CVE | CVE-2013-0143 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-06-07 20:55:00 UTC |
| Updated | 2013-06-10 04:00:00 UTC |
| Description | cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Qnap | Nas | - | All | All | All |
| Hardware | Qnap | Nas | - | All | All | All |
| Application | Qnap | Surveillance Station Pro | - | All | All | All |
| Application | Qnap | Surveillance Station Pro | - | All | All | All |
| Hardware | Qnap | Viostor Network Video Recorder | - | All | All | All |
| Operating System | Qnap | Viostor Network Video Recorder | 4.0.3 | All | All | All |
| Hardware | Qnap | Viostor Network Video Recorder | - | All | All | All |
| Operating System | Qnap | Viostor Network Video Recorder | 4.0.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#927644 - QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple vulnerabilities | CERT-VN | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.