RaidSonic IB-NAS5220 and IB-NAS4220-B Multiple Security Vulnerabilities
BID:57958
Info
RaidSonic IB-NAS5220 and IB-NAS4220-B Multiple Security Vulnerabilities
| Bugtraq ID: | 57958 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2013 12:00AM |
| Updated: | Sep 25 2013 12:15AM |
| Credit: | m-1-k-3 |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
RaidSonic IB-NAS5220 and IB-NAS4220-B Multiple Security Vulnerabilities
RaidSonic IB-NAS5220 and IB-NAS422-B are prone to multiple security vulnerabilities, including:
1. An authentication-bypass vulnerability
2. An HTML-injection vulnerability
3. A command-injection vulnerability
The attacker may leverage these issues to bypass certain security restrictions and perform unauthorized actions or execute HTML and script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or inject and execute arbitrary commands.
RaidSonic IB-NAS5220 and IB-NAS422-B are prone to multiple security vulnerabilities, including:
1. An authentication-bypass vulnerability
2. An HTML-injection vulnerability
3. A command-injection vulnerability
The attacker may leverage these issues to bypass certain security restrictions and perform unauthorized actions or execute HTML and script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or inject and execute arbitrary commands.
Exploit / POC
RaidSonic IB-NAS5220 and IB-NAS4220-B Multiple Security Vulnerabilities
An attacker can use a browser to exploit these issues.
The following example data, URI and exploit code are available:
An attacker can use a browser to exploit these issues.
The following example data, URI and exploit code are available:
Solution / Fix
RaidSonic IB-NAS5220 and IB-NAS4220-B Multiple Security Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RaidSonic IB-NAS5220 and IB-NAS4220-B Multiple Security Vulnerabilities
References:
References: