VioStor NVR And QNAP NAS Remote Code Execution Vulnerability Network Vulnerability

Summary

VioStor NVR firmware version 4.0.3 and possibly earlier versions and QNAP NAS with the Surveillance Station Pro activated contains scripts which could allow any user e.g. guest users to execute scripts which run with administrative privileges. It is possible to execute code on the webserver using the ping function.

References

http://www.kb.cert.org/vuls/id/927644
http://www.qnap.com/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-0143

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Subversion Module Metadata Accessible
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Tomcat DOS Device Name XSS
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

VioStor NVR and QNAP NAS Remote Code Execution Vulnerability

Take action and discover your vulnerabilities