mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.1 KiB
1.1 KiB
CVE-2013-10049
&color=brightgreen)
Description
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.
POC
Reference
- https://www.exploit-db.com/exploits/24499
- https://www.exploit-db.com/exploits/28508
- https://www.vulncheck.com/advisories/raidsonic-nas-devices-unauth-rce
Github
No PoCs found on GitHub currently.