Thecus NAS Server N8800信息泄露漏洞

CVECAN ID: CVE-2013-5669 Thecus NAS server N8800是一款网络接入服务器设备。 Thecus NAS server N8800（固件版本5.03.01）对管理员身份验证使用了纯文本的凭证，这可使远程攻击者通过嗅探网络获取敏感信息。 0 thecus NAS Server N8800 5.03.01 厂商补丁： thecus ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.thecus.com/ http://www.7elements.co.uk/news/cve-2013-5669...

Thecus NAS Server N8800 ADS/NT Support凭证泄露漏洞

CVECAN ID: CVE-2013-5668 Thecus NAS server N8800是一款网络接入服务器设备。 Thecus NAS server N8800（固件版本5.03.01）的ADS/NT Support页面上在实现上存在安全漏洞，远程攻击者通过读取该页的纯文本内容，利用此漏洞可获取管理员凭证。 0 thecus NAS Server N8800 5.03.01 厂商补丁： thecus ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.thecus.com/...

Thecus NAS Server N8800 get_userid OS命令注入漏洞

CVECAN ID: CVE-2013-5667 Thecus NAS server N8800是一款网络接入服务器设备。 Thecus NAS server N8800（固件版本5.03.01）在实现上存在安全漏洞，远程攻击者通过用户名参数内包含元字符的getuserid操作，利用此漏洞可执行任意命令。 0 thecus NAS Server N8800 5.03.01 厂商补丁： thecus ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.thecus.com/...

CVE-2013-5668

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content...

CVE-2013-5667

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a getuserid action with shell metacharacters in the username parameter...

CVE-2013-5669

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network...

Code injection

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content...

Design/Logic Flaw

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a getuserid action with shell metacharacters in the username parameter...

Design/Logic Flaw

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-5669

The Thecus NAS server N8800 (firmware 5.03.01) uses cleartext credentials for administrative authentication, allowing remote attackers to sniff passwords over the network (CVE-2013-5669). Multiple sources confirm the issue; vendor has released firmware updates (ThecusOS 5.03.02.x and related 64‑b...

CVE-2013-5669

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-5668

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content...

CVE-2013-5667

The CVE-2013-5667 issue affects Thecus NAS server N8800 with firmware 5.03.01, where a get_userid action accepts a username containing shell metacharacters, enabling remote command execution. The vulnerability is triggered via user input parsed by the OS shell, allowing arbitrary commands to be r...

CVE-2013-5668

CVE-2013-5668 affects Thecus NAS Server N8800 (firmware 5.03.01). The ADS/NT Support page stores/returns the Domain Administrator credentials in cleartext, allowing remote reading of admin credentials by accessing that page. Connected sources reference vendor patches: ThecusOS 5.03.02.4 (and rela...

Thecus NAS Server N8800 contains multiple vulnerabilities

Overview Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Description The 7 Elements advisory states that the Thecus NAS server N8800 device contains the following vulnerabilities:CVE-2013-5667 - Thecus NAS Server N8800...