Lucene search
HistoryJun 07, 2013 - 8:55 p.m.
CVE-2013-0143
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.055 Low
EPSS
Percentile
93.2%
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
Affected configurations
Node
qnapviostor_network_video_recorderMatch4.0.3
qnapviostor_network_video_recorderMatch-
Node
qnapsurveillance_station_proMatch-
ORqnapnasMatch-
References
Related
cvelist
cvelist
CVE-2013-0143
2022-10-03 16:15:05
cve
cve
CVE-2013-0143
2022-10-03 16:15:05
prion
prion
Design/Logic Flaw
2013-06-07 20:55:00
openvas
openvas
VioStor NVR and QNAP NAS RCE Vulnerability
2013-06-07 00:00:00
checkpoint_advisories
checkpoint_advisories
QNAP QTS Remote Command Injection (CVE-2013-0143)
2018-05-27 00:00:00
cert
cert
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
Low
0.055 Low
EPSS
Percentile
93.2%
Related for NVD:CVE-2013-0143