Eval Injection Vulnerability in NETGEAR ReadyNAS Firmware
CVE-2013-2751

Currently unrated

Key Information:

Vendor: Netgear
Status: Raidiator
Vendor: CVE Published:; 12 December 2013

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 83%

What is CVE-2013-2751?

An Eval injection vulnerability exists in the FrontView web interface of NETGEAR ReadyNAS RAIDiator prior to version 4.1.12 and in version 4.2.x prior to 4.2.24. This flaw allows remote attackers to exploit the 'forgot password workflow' and execute arbitrary Perl code through specially crafted requests. As a result, attackers could gain unauthorized access and potentially take control of the device, posing significant risks to data integrity and security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2013-2751
Created by Rapid7

References

http://packetstormsecurity.com/files/123726/Netgear-Ready...

x_refsource_MISC

http://www.tripwire.com/register/security-advisory-netgea...

x_refsource_MISC

http://www.readynas.com/?p=7002

x_refsource_MISC

EPSS Score

83% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2013
🟡
Public PoC available
Oct 24, 2013
👾
Exploit known to exist
Oct 24, 2013
Vulnerability Reserved
Apr 2, 2013