CyberSec.Space Logo
Back to CVE Browser

CVE-2013-2751

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile40.20th
PublishedDec 12, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

Affected Platforms (CPE)

πŸ’»
Netgear

Raidiator

>= 4.1 and < 4.1.12
πŸ’»
Netgear

Raidiator

>= 4.2 and < 4.2.24

References & Advisories

πŸ”— http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html
πŸ”— http://www.exploit-db.com/exploits/29815
πŸ”— http://www.osvdb.org/98826
πŸ”— http://www.readynas.com/?p=7002
πŸ”— http://www.tripwire.com/register/security-advisory-netgear-readynas/
πŸ”— http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/
πŸ”— http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html
πŸ”— http://www.exploit-db.com/exploits/29815

Related Vulnerabilities

CVE-2007-436110.0

NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardwa...

CVE-2013-27526.8

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2...

CVE-2013-273310.0

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to exec...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...