15 matches found
EUVD-2013-7262
Malware in sbrugna...
EUVD-2008-1435
Malware in sbrugna...
CVE-2013-10049
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...
CVE-2013-10049
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...
CVE-2013-10049
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...
CVE-2013-10049
The vulnerability CVE-2013-10049 affects Raidsonic NAS devices IB-NAS5220 and IB-NAS4220 via the unauthenticated POST endpoint timeHandler.cgi, where improper sanitization of the timeZone parameter allows OS command execution. The root cause is input handling in timeHandler.cgi, enabling remote a...
CVE-2013-10049 Raidsonic NAS Devices Unauthenticated Remote Command Execution
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...
CVE-2013-10049 Raidsonic NAS Devices Unauthenticated Remote Command Execution
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone paramet...
PT-2025-31686 · Raidsonic · Ib-Nas5220 +1
Name of the Vulnerable Software and Affected Versions: Raidsonic NAS devices versions IB-NAS5220 and IB-NAS4220 Description: An OS command injection issue exists due to improper sanitization of user-supplied input. The timeHandler.cgi API endpoint is vulnerable, allowing remote attackers to injec...
Raidsonic NAS Devices Unauthenticated Remote Command Execution
Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a...
Raidsonic NAS Devices - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Raidsonic NAS Devices Unauthenticated...
CVE-2008-1431
RaidSonic NAS-4220-B with 2.6.0-n2007-10-11 firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key...
Raidsonic nas-4220 weak cryptography
Encryption key is stored with data...
raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)
Manufacturer: RaidSonic www.raidsonic.de Device: NAS-4220-B Firmware: 2.6.0-n2007-10-11 Device Type: end user grade NAS box OS: Linux 2.6.15 Architecture: ARM Designed by: Storm Semiconductor Inc www.storlinksemi.com Problem: Hard disk encryption key stored in plain on unencrypted partition. Time...
raidsonic-disclose.txt
Manufacturer: RaidSonic www.raidsonic.de Device: NAS-4220-B Firmware: 2.6.0-n2007-10-11 Device Type: end user grade NAS box OS: Linux 2.6.15 Architecture: ARM Designed by: Storm Semiconductor Inc www.storlinksemi.com Problem: Hard disk encryption key stored in plain on unencrypted partition. Time...