Details of VAR-201401-0131

ID

VAR-201401-0131

CVE

CVE-2013-5668

TITLE

Thecus NAS Server N8800 contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#105686

DESCRIPTION

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product. Successfully exploiting this issue may allow attackers to obtain sensitive information from the application, that may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2013-5668 // CERT/CC: VU#105686 // JVNDB: JVNDB-2013-005917 // CNVD: CNVD-2014-00624 // BID: 65114 // VULHUB: VHN-65670

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00624

AFFECTED PRODUCTS

vendor:	thecus	model:	n8800 nas server	scope:	eq	version:	5.03.01	Trust: 1.6
vendor:	thecus	model:	n8800 nas server	scope:	eq	version:	-	Trust: 1.0
vendor:	thecus tech	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	thecus	model:	n8800	scope:	-	version:	-	Trust: 0.8
vendor:	thecus	model:	n8800	scope:	eq	version:	5.03.01	Trust: 0.8
vendor:	thecus	model:	tech nas server n8800 with	scope:	eq	version:	5.03.01	Trust: 0.6
vendor:	thecus	model:	nas server n8800	scope:	eq	version:	5.03.01	Trust: 0.3

sources: CERT/CC: VU#105686 // CNVD: CNVD-2014-00624 // BID: 65114 // JVNDB: JVNDB-2013-005917 // CNNVD: CNNVD-201401-504 // NVD: CVE-2013-5668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5668
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5668
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-00624
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201401-504
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65670
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5668
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00624
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65670
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00624 // VULHUB: VHN-65670 // JVNDB: JVNDB-2013-005917 // CNNVD: CNNVD-201401-504 // NVD: CVE-2013-5668

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-65670 // JVNDB: JVNDB-2013-005917 // NVD: CVE-2013-5668

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-504

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201401-504

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005917

PATCH

title:

N8800

url:

http://japanese.thecus.com/product.php?PROD_ID=19

Trust: 0.8

sources: JVNDB: JVNDB-2013-005917

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5668	Trust: 4.2
db:	CERT/CC	id:	VU#105686	Trust: 4.2
db:	BID	id:	65114	Trust: 1.0
db:	JVN	id:	JVNVU96911453	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-005917	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-504	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00624	Trust: 0.6
db:	VULHUB	id:	VHN-65670	Trust: 0.1

sources: CERT/CC: VU#105686 // CNVD: CNVD-2014-00624 // VULHUB: VHN-65670 // BID: 65114 // JVNDB: JVNDB-2013-005917 // CNNVD: CNNVD-201401-504 // NVD: CVE-2013-5668

REFERENCES

url:	http://www.kb.cert.org/vuls/id/105686	Trust: 3.4
url:	http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/	Trust: 3.3
url:	http://www.7elements.co.uk/news/cve-2013-5668/	Trust: 2.8
url:	http://www.thecus.com/	Trust: 1.1
url:	http://www.7elements.co.uk/news/cve-2013-5667	Trust: 0.8
url:	http://www.7elements.co.uk/news/cve-2013-5668	Trust: 0.8
url:	http://www.7elements.co.uk/news/cve-2013-5669	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5668	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96911453/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5668	Trust: 0.8

sources: CERT/CC: VU#105686 // CNVD: CNVD-2014-00624 // VULHUB: VHN-65670 // BID: 65114 // JVNDB: JVNDB-2013-005917 // CNNVD: CNNVD-201401-504 // NVD: CVE-2013-5668

CREDITS

David Stubley

Trust: 0.3

sources: BID: 65114

SOURCES

db:	CERT/CC	id:	VU#105686
db:	CNVD	id:	CNVD-2014-00624
db:	VULHUB	id:	VHN-65670
db:	BID	id:	65114
db:	JVNDB	id:	JVNDB-2013-005917
db:	CNNVD	id:	CNNVD-201401-504
db:	NVD	id:	CVE-2013-5668

LAST UPDATE DATE

2025-04-11T23:02:50.752000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#105686	date:	2014-02-10T00:00:00
db:	CNVD	id:	CNVD-2014-00624	date:	2014-01-26T00:00:00
db:	VULHUB	id:	VHN-65670	date:	2014-01-24T00:00:00
db:	BID	id:	65114	date:	2014-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005917	date:	2014-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201401-504	date:	2014-02-20T00:00:00
db:	NVD	id:	CVE-2013-5668	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#105686	date:	2014-01-23T00:00:00
db:	CNVD	id:	CNVD-2014-00624	date:	2014-01-26T00:00:00
db:	VULHUB	id:	VHN-65670	date:	2014-01-24T00:00:00
db:	BID	id:	65114	date:	2014-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005917	date:	2014-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201401-504	date:	2014-01-26T00:00:00
db:	NVD	id:	CVE-2013-5668	date:	2014-01-24T04:38:09.557