Vulnerability Details CVE-2013-0143
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.097
EPSS Ranking 92.7%
CVSS Severity
CVSS v2 Score 6.5
Products affected by CVE-2013-0143
-
cpe:2.3:a:qnap:surveillance_station_pro:-
-
cpe:2.3:h:qnap:nas:-
-
cpe:2.3:h:qnap:viostor_network_video_recorder:-
-
cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3