Lucene search

MitreCVE-2013-2752

HistoryDec 12, 2013 - 6:55 p.m.

CVE-2013-2752

2013-12-1218:55:10

CWE-352

mitre

web.nvd.nist.gov

103

cve

2013

2752

csrf

vulnerability

netgear

readynas

raidiator

hijack

authentication

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.003

Percentile

65.9%

JSON

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

Affected configurations

Nvd

Node

netgearraidiatorRange4.1–4.1.12readynas

netgearraidiatorRange4.2–4.2.24readynas

VendorProductVersionCPE
netgearraidiator*cpe:2.3:o:netgear:raidiator:*:*:*:*:*:readynas:*:*

Vendor	Product	Version	CPE
netgear	raidiator	*	cpe:2.3:o:netgear:raidiator::::::readynas::*

References

www.osvdb.org/98825

www.readynas.com/?p=7002

www.tripwire.com/register/security-advisory-netgear-readynas/

www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.003

Percentile

65.9%

JSON

Related for CVE-2013-2752