CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-2751

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0170%
EPSS Percentile40.20th
Published2013年12月12日
Last Modified2026年4月29日

Vulnerability Description

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

Affected Platforms (CPE)

💻
Netgear

Raidiator

>= 4.1 and < 4.1.12
💻
Netgear

Raidiator

>= 4.2 and < 4.2.24

References & Advisories

🔗 http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html
🔗 http://www.exploit-db.com/exploits/29815
🔗 http://www.osvdb.org/98826
🔗 http://www.readynas.com/?p=7002
🔗 http://www.tripwire.com/register/security-advisory-netgear-readynas/
🔗 http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/
🔗 http://packetstormsecurity.com/files/123726/Netgear-ReadyNAS-Complete-System-Takeover.html
🔗 http://www.exploit-db.com/exploits/29815

相關漏洞威脅

CVE-2007-436110.0

NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardwa...

CVE-2013-27526.8

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2013-136810.0

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x befo...