CVE-2013-0143

Currently unrated

Key Information:

Vendor: Qnap
Status: Viostor Network Video Recorder; Viostor Network Video Recorder
Vendor: CVE Published:; 7 June 2013

Summary

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

References

http://www.kb.cert.org/vuls/id/927644

third-party-advisoryx_refsource_CERT-VN

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 7, 2013