CVE-2013-0143

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
References
Link Resource
http://www.kb.cert.org/vuls/id/927644 US Government Resource
http://www.kb.cert.org/vuls/id/927644 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viostor_network_video_recorder:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:qnap:surveillance_station_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/927644 - US Government Resource () http://www.kb.cert.org/vuls/id/927644 - US Government Resource

Information

Published : 2013-06-07 20:55

Updated : 2024-11-21 01:46


NVD link : CVE-2013-0143

Mitre link : CVE-2013-0143

CVE.ORG link : CVE-2013-0143


JSON object : View

Products Affected

qnap

  • surveillance_station_pro
  • nas
  • viostor_network_video_recorder
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')