CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-2752

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile16.04th
Published2013年12月12日
Last Modified2026年4月29日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

Affected Platforms (CPE)

💻
Netgear

Raidiator

>= 4.1 and < 4.1.12
💻
Netgear

Raidiator

>= 4.2 and < 4.2.24

References & Advisories

🔗 http://www.osvdb.org/98825
🔗 http://www.readynas.com/?p=7002
🔗 http://www.tripwire.com/register/security-advisory-netgear-readynas/
🔗 http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/
🔗 http://www.osvdb.org/98825
🔗 http://www.readynas.com/?p=7002
🔗 http://www.tripwire.com/register/security-advisory-netgear-readynas/
🔗 http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/

関連する脆弱性情報

CVE-2007-436110.0

NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardwa...

CVE-2013-275110.0

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4....

CVE-2013-246410.0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 a...

CVE-2013-246310.0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 a...