Описание
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:*:*:*:*:*:*:*
cpe:2.3:h:qnap:viostor_network_video_recorder:-:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:qnap:surveillance_station_pro:-:*:*:*:*:*:*:*
cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07179
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
EPSS
Процентиль: 91%
0.07179
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-94