PT-2009-2550 · Raidsonic · Raidsonic Icy Box Nas

Publicado

2009-08-25

Atualizado

2017-08-17

CVE-2008-7081

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RaidSonic ICY BOX NAS firmware version 2.3.2.IB.2.RS.1

Description The issue allows remote attackers to bypass authentication and gain administrator privileges. This is achieved by setting the login parameter to admin in the userHandler.cgi endpoint.

Recommendations For RaidSonic ICY BOX NAS firmware version 2.3.2.IB.2.RS.1, avoid using the login parameter in the userHandler.cgi endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the userHandler.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2008-7081

Produtos afetados

Raidsonic Icy Box Nas

PT-2009-2550 · Raidsonic · Raidsonic Icy Box Nas

CVE-2008-7081

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3