PT-2013-2129 · Qnap · Surveillance Station

David Elze · Published 2013-06-07 · Updated 2013-06-10 · CVE-2013-0143

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

QNAP VioStor NVR devices version 4.0.3
QNAP NAS (affected versions not specified), specifically in the Surveillance Station Pro component

Description

The issue allows remote authenticated users to execute arbitrary commands. This is achieved by leveraging guest access and placing shell metacharacters in the query string of the 'cgi-bin/pingping.cgi' endpoint.

Recommendations

For QNAP VioStor NVR devices version 4.0.3, update the firmware to a version that addresses this issue. For QNAP NAS with the Surveillance Station Pro component, restrict access to the 'cgi-bin/pingping.cgi' endpoint until a fix is available. As a temporary workaround, consider disabling guest access to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-0143

Affected Products

Qnap Nas
Qnap Viostor Nvr
Surveillance Station