CVE-2013-0143

2013-06-0720:55:01

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.13

Percentile

95.6%

JSON

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

Affected configurations

Nvd

Node

qnapviostor_network_video_recorderMatch4.0.3

AND

qnapviostor_network_video_recorderMatch-

Node

qnapsurveillance_station_proMatch-

qnapnasMatch-

VendorProductVersionCPE
qnapviostor_network_video_recorder4.0.3cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:*:*:*:*:*:*:*
qnapviostor_network_video_recorder-cpe:2.3:h:qnap:viostor_network_video_recorder:-:*:*:*:*:*:*:*
qnapsurveillance_station_pro-cpe:2.3:a:qnap:surveillance_station_pro:-:*:*:*:*:*:*:*
qnapnas-cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	viostor_network_video_recorder	4.0.3	cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:::::::*
qnap	viostor_network_video_recorder	-	cpe:2.3:h:qnap:viostor_network_video_recorder:-:::::::*
qnap	surveillance_station_pro	-	cpe:2.3:a:qnap:surveillance_station_pro:-:::::::*
qnap	nas	-	cpe:2.3:h:qnap:nas:-:::::::*