Cross-Site Request Forgery Vulnerability in NETGEAR ReadyNAS Products
CVE-2013-2752

Currently unrated

Key Information:

Vendor: Netgear
Status: Raidiator
Vendor: CVE Published:; 12 December 2013

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the np_handler.pl script within NETGEAR ReadyNAS RAIDiator, prior to versions 4.1.12 and 4.2.24. This flaw enables remote attackers to exploit the system and potentially hijack the authentication sessions of users, leading to unauthorized access and actions within the platform. Users may unknowingly be manipulated into executing unwanted actions, thereby compromising the security of their data and network environment.

References

http://www.tripwire.com/register/security-advisory-netgea...

x_refsource_MISC

http://www.readynas.com/?p=7002

x_refsource_MISC

http://www.tripwire.com/state-of-security/vulnerability-m...

x_refsource_MISC

Timeline

Vulnerability published
Dec 12, 2013
Vulnerability Reserved
Apr 2, 2013