Details of VAR-201312-0099

ID

VAR-201312-0099

CVE

CVE-2013-2752

TITLE

NETGEAR ReadyNAS RAIDiator of frontview/lib/np_handler.pl Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-005519

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. NetGear RAIDiator is a direct-hanging storage device based on Linux and debian-sparc platforms. There is a command injection vulnerability in NetGear RAIDiator. An attacker can exploit the vulnerability to execute arbitrary shell commands with root privileges. Other attacks are also possible. Following are vulnerable: RAIDiator versions prior to 4.1.12 running on SPARC RAIDiator-x86 versions prior to 4.2.24

Trust: 2.52

sources: NVD: CVE-2013-2752 // JVNDB: JVNDB-2013-005519 // CNVD: CNVD-2013-14090 // BID: 62059 // VULHUB: VHN-62754

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-14090

AFFECTED PRODUCTS

vendor:	netgear	model:	raidiator	scope:	lt	version:	4.1.12	Trust: 1.0
vendor:	netgear	model:	raidiator	scope:	gte	version:	4.2	Trust: 1.0
vendor:	netgear	model:	raidiator	scope:	gte	version:	4.1	Trust: 1.0
vendor:	netgear	model:	raidiator	scope:	lt	version:	4.2.24	Trust: 1.0
vendor:	net gear	model:	readynas ultra 2/plus	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas 2100	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	raidiator	scope:	eq	version:	4.2.24	Trust: 0.8
vendor:	net gear	model:	readynas pro 4	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas 3200	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas pro 6	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas 4200	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	raidiator	scope:	lt	version:	4.2.x	Trust: 0.8
vendor:	net gear	model:	readynas pro	scope:	eq	version:	pioneer edition	Trust: 0.8
vendor:	net gear	model:	readynas nvx	scope:	eq	version:	pioneer edition	Trust: 0.8
vendor:	net gear	model:	readynas 1500	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas ultra 4/plus	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas nvx	scope:	eq	version:	none	Trust: 0.8
vendor:	net gear	model:	readynas pro	scope:	eq	version:	business edition	Trust: 0.8
vendor:	net gear	model:	readynas ultra 6/plus	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas 3100	scope:	-	version:	-	Trust: 0.8
vendor:	net gear	model:	readynas pro 2	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	readynas raidiator	scope:	eq	version:	4.1.11	Trust: 0.6
vendor:	netgear	model:	readynas raidiator	scope:	eq	version:	4.2.23	Trust: 0.6
vendor:	netgear	model:	raidiator	scope:	eq	version:	4.2.23	Trust: 0.6
vendor:	netgear	model:	raidiator	scope:	eq	version:	4.1	Trust: 0.6
vendor:	netgear	model:	raidiator	scope:	eq	version:	4.2.20	Trust: 0.6
vendor:	netgear	model:	raidiator	scope:	eq	version:	4.2.15	Trust: 0.6

sources: CNVD: CNVD-2013-14090 // JVNDB: JVNDB-2013-005519 // CNNVD: CNNVD-201312-248 // NVD: CVE-2013-2752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2752
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2752
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-14090
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201312-248
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-62754
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-2752
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14090
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-62754
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14090 // VULHUB: VHN-62754 // JVNDB: JVNDB-2013-005519 // CNNVD: CNNVD-201312-248 // NVD: CVE-2013-2752

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-62754 // JVNDB: JVNDB-2013-005519 // NVD: CVE-2013-2752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-248

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201312-248

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005519

PATCH

title:	Top Page	url:	http://www.netgear.com/	Trust: 0.8
title:	RAIDiator 4.2.24 (x86)	url:	http://www.readynas.com/?p=7002	Trust: 0.8
title:	Patch for NetGear RAIDiator command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40541	Trust: 0.6

sources: CNVD: CNVD-2013-14090 // JVNDB: JVNDB-2013-005519

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2752	Trust: 3.5
db:	OSVDB	id:	98825	Trust: 1.7
db:	BID	id:	62059	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-005519	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-248	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14090	Trust: 0.6
db:	VULHUB	id:	VHN-62754	Trust: 0.1
db:	PACKETSTORM	id:	123726	Trust: 0.1

sources: CNVD: CNVD-2013-14090 // VULHUB: VHN-62754 // BID: 62059 // JVNDB: JVNDB-2013-005519 // PACKETSTORM: 123726 // CNNVD: CNNVD-201312-248 // NVD: CVE-2013-2752

REFERENCES

url:	http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/	Trust: 1.9
url:	http://www.readynas.com/?p=7002	Trust: 1.7
url:	http://www.tripwire.com/register/security-advisory-netgear-readynas/	Trust: 1.7
url:	http://www.osvdb.org/98825	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2752	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2752	Trust: 0.8
url:	http://www.securityfocus.com/bid/62059	Trust: 0.6
url:	http-request/	Trust: 0.6
url:	http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-	Trust: 0.6
url:	http://www.netgear.com	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2752	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2751	Trust: 0.1

sources: CNVD: CNVD-2013-14090 // VULHUB: VHN-62754 // BID: 62059 // JVNDB: JVNDB-2013-005519 // PACKETSTORM: 123726 // CNNVD: CNNVD-201312-248 // NVD: CVE-2013-2752

CREDITS

Craig Young

Trust: 0.4

sources: BID: 62059 // PACKETSTORM: 123726

SOURCES

db:	CNVD	id:	CNVD-2013-14090
db:	VULHUB	id:	VHN-62754
db:	BID	id:	62059
db:	JVNDB	id:	JVNDB-2013-005519
db:	PACKETSTORM	id:	123726
db:	CNNVD	id:	CNNVD-201312-248
db:	NVD	id:	CVE-2013-2752

LAST UPDATE DATE

2025-04-11T22:48:27.366000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14090	date:	2013-10-28T00:00:00
db:	VULHUB	id:	VHN-62754	date:	2019-07-18T00:00:00
db:	BID	id:	62059	date:	2013-11-26T07:56:00
db:	JVNDB	id:	JVNDB-2013-005519	date:	2013-12-17T00:00:00
db:	CNNVD	id:	CNNVD-201312-248	date:	2019-07-19T00:00:00
db:	NVD	id:	CVE-2013-2752	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14090	date:	2013-10-28T00:00:00
db:	VULHUB	id:	VHN-62754	date:	2013-12-12T00:00:00
db:	BID	id:	62059	date:	2013-07-05T00:00:00
db:	JVNDB	id:	JVNDB-2013-005519	date:	2013-12-17T00:00:00
db:	PACKETSTORM	id:	123726	date:	2013-10-23T00:00:17
db:	CNNVD	id:	CNNVD-201312-248	date:	2013-12-17T00:00:00
db:	NVD	id:	CVE-2013-2752	date:	2013-12-12T18:55:10.837