Summary
VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contains scripts which could allow any user e.g. guest users to execute scripts which run with administrative privileges. It is possible to execute code on the webserver using the ping function.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2013-0143 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Apache Tomcat TroubleShooter Servlet Installed