CVE-2013-10049 in IB-NAS5220
摘要
由 MITRE • 2025-08-02
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.
VulDB is the best source for vulnerability data and more expert information about this specific topic.