Lucene search

[email protected]CVE-2013-5669

HistoryJan 24, 2014 - 4:38 a.m.

CVE-2013-5669

2014-01-2404:38:09

CWE-255

[email protected]

web.nvd.nist.gov

cve-2013-5669

thecus nas

n8800

firmware 5.03.01

cleartext credentials

authentication

remote attackers

sensitive information

network sniffing

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected configurations

NVD

Node

thecusn8800_nas_server_firmwareMatch5.03.01

AND

thecusn8800_nas_serverMatch-

CPENameOperatorVersion
thecus:n8800_nas_server_firmwarethecus n8800 nas server firmwareeq5.03.01
thecus:n8800_nas_serverthecus n8800 nas servereq-

CPE	Name	Operator	Version
thecus:n8800_nas_server_firmware	thecus n8800 nas server firmware	eq	5.03.01
thecus:n8800_nas_server	thecus n8800 nas server	eq	-

References

www.7elements.co.uk/news/cve-2013-5669/

www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/

www.kb.cert.org/vuls/id/105686

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2013-5669

seebug1 cvelist1 prion1 nvd1 cert1