Sign-up

ID

VAR-201401-0130


CVE

CVE-2013-5667


TITLE

Thecus NAS Server N8800 contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#105686

DESCRIPTION

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product. NAS Server N8800 is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands in context of the affected application

Trust: 3.24

sources: NVD: CVE-2013-5667 // CERT/CC: VU#105686 // JVNDB: JVNDB-2013-005916 // CNVD: CNVD-2014-00622 // BID: 65118 // VULHUB: VHN-65669

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00622

AFFECTED PRODUCTS

vendor:thecusmodel:n8800 nas serverscope:eqversion:5.03.01

Trust: 1.6

vendor:thecusmodel:n8800 nas serverscope:eqversion: -

Trust: 1.0

vendor:thecus techmodel: - scope: - version: -

Trust: 0.8

vendor:thecusmodel:n8800scope: - version: -

Trust: 0.8

vendor:thecusmodel:n8800scope:eqversion:5.03.01

Trust: 0.8

vendor:thecusmodel:tech nas server n8800 withscope:eqversion:5.03.01

Trust: 0.6

vendor:thecusmodel:nas server n8800scope:eqversion:5.03.01

Trust: 0.3

sources: CERT/CC: VU#105686 // CNVD: CNVD-2014-00622 // BID: 65118 // JVNDB: JVNDB-2013-005916 // CNNVD: CNNVD-201401-503 // NVD: CVE-2013-5667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5667
value: HIGH

Trust: 1.0

NVD: CVE-2013-5667
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00622
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201401-503
value: CRITICAL

Trust: 0.6

VULHUB: VHN-65669
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5667
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00622
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65669
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00622 // VULHUB: VHN-65669 // JVNDB: JVNDB-2013-005916 // CNNVD: CNNVD-201401-503 // NVD: CVE-2013-5667

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-65669 // JVNDB: JVNDB-2013-005916 // NVD: CVE-2013-5667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-503

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201401-503

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005916

PATCH
title:N8800url:http://japanese.thecus.com/product.php?PROD_ID=19
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005916

EXTERNAL IDS
db:NVDid:CVE-2013-5667
Trust: 4.2
db:CERT/CCid:VU#105686
Trust: 4.2
db:BIDid:65118
Trust: 1.0
db:JVNid:JVNVU96911453
Trust: 0.8
db:JVNDBid:JVNDB-2013-005916
Trust: 0.8
db:CNNVDid:CNNVD-201401-503
Trust: 0.7
db:CNVDid:CNVD-2014-00622
Trust: 0.6
db:VULHUBid:VHN-65669
Trust: 0.1
sources:
            
            
            CERT/CC: VU#105686 // 
            
            
            
            CNVD: CNVD-2014-00622 // 
            
            
            
            VULHUB: VHN-65669 // 
            
            
            
            BID: 65118 // 
            
            
            
            JVNDB: JVNDB-2013-005916 // 
            
            
            
            CNNVD: CNNVD-201401-503 // 
            
            
            
            NVD: CVE-2013-5667

REFERENCES
url:http://www.kb.cert.org/vuls/id/105686
Trust: 3.4
url:http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
Trust: 3.3
url:http://www.7elements.co.uk/news/cve-2013-5667/
Trust: 2.5
url:http://www.thecus.com/
Trust: 1.1
url:http://www.7elements.co.uk/news/cve-2013-5667
Trust: 1.1
url:http://www.7elements.co.uk/news/cve-2013-5668
Trust: 0.8
url:http://www.7elements.co.uk/news/cve-2013-5669
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5667
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96911453/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5667
Trust: 0.8
sources:
            
            
            CERT/CC: VU#105686 // 
            
            
            
            CNVD: CNVD-2014-00622 // 
            
            
            
            VULHUB: VHN-65669 // 
            
            
            
            BID: 65118 // 
            
            
            
            JVNDB: JVNDB-2013-005916 // 
            
            
            
            CNNVD: CNNVD-201401-503 // 
            
            
            
            NVD: CVE-2013-5667

CREDITS
David Stubley
Trust: 0.3
sources:
            
            
            BID: 65118

SOURCES
db:CERT/CCid:VU#105686
db:CNVDid:CNVD-2014-00622
db:VULHUBid:VHN-65669
db:BIDid:65118
db:JVNDBid:JVNDB-2013-005916
db:CNNVDid:CNNVD-201401-503
db:NVDid:CVE-2013-5667

LAST UPDATE DATE
2025-04-11T23:02:50.714000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#105686date:2014-02-10T00:00:00
db:CNVDid:CNVD-2014-00622date:2014-01-26T00:00:00
db:VULHUBid:VHN-65669date:2014-01-24T00:00:00
db:BIDid:65118date:2014-01-13T00:00:00
db:JVNDBid:JVNDB-2013-005916date:2014-01-27T00:00:00
db:CNNVDid:CNNVD-201401-503date:2014-02-20T00:00:00
db:NVDid:CVE-2013-5667date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#105686date:2014-01-23T00:00:00
db:CNVDid:CNVD-2014-00622date:2014-01-26T00:00:00
db:VULHUBid:VHN-65669date:2014-01-24T00:00:00
db:BIDid:65118date:2014-01-13T00:00:00
db:JVNDBid:JVNDB-2013-005916date:2014-01-27T00:00:00
db:CNNVDid:CNNVD-201401-503date:2014-01-26T00:00:00
db:NVDid:CVE-2013-5667date:2014-01-24T04:38:09.527