CVE-2013-10049

Raidsonic NAS Devices Unauthenticated Remote Command Execution

CVSS 9.3 CRITICALEPSS 2.0%CWE-78

An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Raidsonic Technology GmbH · IB-NAS4220 Raidsonic Technology GmbH · IB-NAS5220

public PoCs found — 4

cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rbunverified cve_referenceweb.archive.org/web/20160616174425/http://www.s3cur1ty.de/m1adv2013-010unverified cve_referencewww.exploit-db.com/exploits/24499unverified cve_referencewww.exploit-db.com/exploits/28508unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/raidsonic_nas_ib5220_exec_noauth.rb https://web.archive.org/web/20160616174425/http://www.s3cur1ty.de/m1adv2013-010 https://www.exploit-db.com/exploits/24499 https://www.exploit-db.com/exploits/28508 https://www.vulncheck.com/advisories/raidsonic-nas-devices-unauth-rce