Eval Injection Vulnerability in NETGEAR ReadyNAS Firmware
CVE-2013-2751

Currently unrated

Key Information:

Vendor: Netgear
Status
Vendor
CVE Published: 12 December 2013

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 83%

Summary

An Eval injection vulnerability exists in the FrontView web interface of NETGEAR ReadyNAS RAIDiator prior to version 4.1.12 and in version 4.2.x prior to 4.2.24. This flaw allows remote attackers to exploit the 'forgot password workflow' and execute arbitrary Perl code through specially crafted requests. As a result, attackers could gain unauthorized access and potentially take control of the device, posing significant risks to data integrity and security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

83% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved
