What is CVE-2013-10049?

CVE-2013-10049 is a vulnerability in Raidsonic Technology Gmbh Ib-nas4220, classified under OS Command Injection. Published 2025-08-01.

Is CVE-2013-10049 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Raidsonic Technology Gmbh Ib-nas4220

CVE-2013-10049

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to pro…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.760 (98.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/24499 (exploit)
www.exploit-db.com/exploits/28508 (exploit)
web.archive.org/web/20160616174425/http://www.s3cur1ty.de/m1adv2013-010 (technical-description, exploit)
www.vulncheck.com/advisories/raidsonic-nas-devices-unauth-rce (third-party-advisory)

Frequently asked questions

What is CVE-2013-10049?: CVE-2013-10049 is a vulnerability in Raidsonic Technology Gmbh Ib-nas4220, classified under OS Command Injection. Published 2025-08-01.
Is CVE-2013-10049 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.