PT-2009-2550 · Raidsonic · Raidsonic Icy Box Nas

Published

2009-08-25

Updated

2017-08-17

CVE-2008-7081

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RaidSonic ICY BOX NAS firmware version 2.3.2.IB.2.RS.1

Description The issue allows remote attackers to bypass authentication and gain administrator privileges. This is achieved by setting the login parameter to admin in the userHandler.cgi endpoint.

Recommendations For RaidSonic ICY BOX NAS firmware version 2.3.2.IB.2.RS.1, avoid using the login parameter in the userHandler.cgi endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the userHandler.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-7081

Affected Products

Raidsonic Icy Box Nas

PT-2009-2550 · Raidsonic · Raidsonic Icy Box Nas

CVE-2008-7081

Weakness Enumeration

Related Identifiers

Affected Products

References · 3