Computer Security
[EN] securityvulns.ru no-pyccku


NetGear ReadyNAS code execution
Published:28.10.2013
Source:
SecurityVulns ID:13379
Type:remote
Threat Level:
5/10
Description:Web interface commands injection.
Affected:NETGEAR : ReadyNAS 4.2
CVE:CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.)
 CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow.")
Original documentdocumentvuln-report_(at)_secur3.us, [CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root (28.10.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod