CVE-2013-10049 in IB-NAS5220information

Résumé

par MITRE • 02/08/2025

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsable

VulnCheck

Réserver

01/08/2025

Divulgation

02/08/2025

Modérer

accepté

Entrée

VDB-318566

CPE

prêt

Exploitation

Télécharger

EPSS

0.01968

KEV

non

Activités

très faible

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!