Arbitrary Command Execution Vulnerability in QNAP VioStor NVR and NAS Products
CVE-2013-0143

Currently unrated

Key Information:

Vendor: Qnap
Status: Viostor Network Video Recorder; Viostor Network Video Recorder
Vendor: CVE Published:; 7 June 2013

Summary

A vulnerability in the cgi-bin/pingping.cgi application on QNAP VioStor NVR devices and Surveillance Station Pro components allows remote authenticated users to execute arbitrary commands. This security issue can be exploited by leveraging guest access to inject shell metacharacters into the query string, potentially compromising the device and its data.

References

http://www.kb.cert.org/vuls/id/927644

third-party-advisoryx_refsource_CERT-VN

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 7, 2013