RCE in Qnap Nas
CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell m…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.070 (93.3th percentile) — read the EPSS interpretation.
Affected products
- Qnap Nas
- Qnap Surveillance_station_pro
- Qnap Viostor_network_video_recorder — versions 4.0.3
- N/a — versions n/a
Weakness classification (CWE)
References
- cret@cert.org (US Government Resource, x_refsource_CERT-VN, third-party-advisory)