cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/927644 | US Government Resource |
http://www.kb.cert.org/vuls/id/927644 | US Government Resource |
Configurations
History
21 Nov 2024, 01:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/927644 - US Government Resource |
Information
Published : 2013-06-07 20:55
Updated : 2024-11-21 01:46
NVD link : CVE-2013-0143
Mitre link : CVE-2013-0143
CVE.ORG link : CVE-2013-0143
JSON object : View
Products Affected
qnap
- surveillance_station_pro
- nas
- viostor_network_video_recorder
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')