CVE-2013-0143

QNAP VioStor NVR / QNAP NAS - Remote Code Execution

  • Severity Score: 6.5 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-12-06 CVE Reserved
  • 2013-06-05 First Exploit
  • 2013-06-07 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Qnap | Viostor Network Video Recorder | 4.0.3 | - | Affected
in Qnap | Viostor Network Video Recorder | - | - | Affected
Qnap | Surveillance Station Pro | - | - | Affected
Qnap | Nas | - | - | Affected