CVE-2013-0143
QNAP VioStor NVR / QNAP NAS - Remote Code Execution
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
cgi-bin/pingping.cgi en dispositivos QNAP VioStor NVR con firmware v4.0.3, y en el componente Surveillance Station Pro en QNAP NAS, permite que usuarios remotos autenticados ejecuten comandos de su elección haciendo uso de acceso de invitado e incluyendo metacaracteres de la shell en una cadena de petición.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-06 CVE Reserved
- 2013-06-05 First Exploit
- 2013-06-07 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/927644 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38550 | 2013-06-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qnap Search vendor "Qnap" | Viostor Network Video Recorder Search vendor "Qnap" for product "Viostor Network Video Recorder" | 4.0.3 Search vendor "Qnap" for product "Viostor Network Video Recorder" and version "4.0.3" | - |
Affected
| in | Qnap Search vendor "Qnap" | Viostor Network Video Recorder Search vendor "Qnap" for product "Viostor Network Video Recorder" | - | - |
Affected
|
| Qnap Search vendor "Qnap" | Surveillance Station Pro Search vendor "Qnap" for product "Surveillance Station Pro" | - | - |
Affected
| ||||||
| Qnap Search vendor "Qnap" | Nas Search vendor "Qnap" for product "Nas" | - | - |
Affected
| ||||||