CyberSec.Space Logo
Back to CVE Browser

CVE-2013-5667

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile30.36th
PublishedJan 24, 2014
Last ModifiedApr 29, 2026

Vulnerability Description

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.

Affected Platforms (CPE)

πŸ’»
Thecus

N8800 Nas Server Firmware

= 5.03.01
πŸ”Œ
Thecus

N8800 Nas Server

All versions

References & Advisories

πŸ”— http://www.7elements.co.uk/news/cve-2013-5667/
πŸ”— http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
πŸ”— http://www.kb.cert.org/vuls/id/105686
πŸ”— http://www.7elements.co.uk/news/cve-2013-5667/
πŸ”— http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
πŸ”— http://www.kb.cert.org/vuls/id/105686

Related Vulnerabilities

CVE-2013-56687.8

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator...

CVE-2013-56697.8

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remot...

CVE-2013-233310.0

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary cod...

CVE-2013-233410.0

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary cod...