Sign-up

ID

VAR-201401-0132


CVE

CVE-2013-5669


TITLE

Thecus NAS Server N8800 contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#105686

DESCRIPTION

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities. Thecus NAS server N8800 is a network storage product. Attackers can exploit this issue to gain access to the application credentials by sniffing network traffic through a man-in-the-middle attack. Successful exploits will lead to other attacks

Trust: 3.24

sources: NVD: CVE-2013-5669 // CERT/CC: VU#105686 // JVNDB: JVNDB-2013-005918 // CNVD: CNVD-2014-00620 // BID: 65120 // VULHUB: VHN-65671

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00620

AFFECTED PRODUCTS

vendor:thecusmodel:n8800 nas serverscope:eqversion:5.03.01

Trust: 1.6

vendor:thecusmodel:n8800 nas serverscope:eqversion: -

Trust: 1.0

vendor:thecus techmodel: - scope: - version: -

Trust: 0.8

vendor:thecusmodel:n8800scope: - version: -

Trust: 0.8

vendor:thecusmodel:n8800scope:eqversion:5.03.01

Trust: 0.8

vendor:thecusmodel:tech nas server n8800 withscope:eqversion:5.03.01

Trust: 0.6

vendor:thecusmodel:nas server n8800scope:eqversion:5.03.01

Trust: 0.3

sources: CERT/CC: VU#105686 // CNVD: CNVD-2014-00620 // BID: 65120 // JVNDB: JVNDB-2013-005918 // CNNVD: CNNVD-201401-505 // NVD: CVE-2013-5669

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5669
value: HIGH

Trust: 1.0

NVD: CVE-2013-5669
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00620
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201401-505
value: HIGH

Trust: 0.6

VULHUB: VHN-65671
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5669
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00620
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65671
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00620 // VULHUB: VHN-65671 // JVNDB: JVNDB-2013-005918 // CNNVD: CNNVD-201401-505 // NVD: CVE-2013-5669

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-65671 // JVNDB: JVNDB-2013-005918 // NVD: CVE-2013-5669

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-505

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201401-505

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005918

PATCH
title:N8800url:http://japanese.thecus.com/product.php?PROD_ID=19
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005918

EXTERNAL IDS
db:NVDid:CVE-2013-5669
Trust: 4.2
db:CERT/CCid:VU#105686
Trust: 4.2
db:BIDid:65120
Trust: 1.0
db:JVNid:JVNVU96911453
Trust: 0.8
db:JVNDBid:JVNDB-2013-005918
Trust: 0.8
db:CNNVDid:CNNVD-201401-505
Trust: 0.7
db:CNVDid:CNVD-2014-00620
Trust: 0.6
db:VULHUBid:VHN-65671
Trust: 0.1
sources:
            
            
            CERT/CC: VU#105686 // 
            
            
            
            CNVD: CNVD-2014-00620 // 
            
            
            
            VULHUB: VHN-65671 // 
            
            
            
            BID: 65120 // 
            
            
            
            JVNDB: JVNDB-2013-005918 // 
            
            
            
            CNNVD: CNNVD-201401-505 // 
            
            
            
            NVD: CVE-2013-5669

REFERENCES
url:http://www.kb.cert.org/vuls/id/105686
Trust: 3.4
url:http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
Trust: 3.3
url:http://www.7elements.co.uk/news/cve-2013-5669/
Trust: 2.8
url:http://www.thecus.com/
Trust: 1.1
url:http://www.7elements.co.uk/news/cve-2013-5667
Trust: 0.8
url:http://www.7elements.co.uk/news/cve-2013-5668
Trust: 0.8
url:http://www.7elements.co.uk/news/cve-2013-5669
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5669
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96911453/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5669
Trust: 0.8
sources:
            
            
            CERT/CC: VU#105686 // 
            
            
            
            CNVD: CNVD-2014-00620 // 
            
            
            
            VULHUB: VHN-65671 // 
            
            
            
            BID: 65120 // 
            
            
            
            JVNDB: JVNDB-2013-005918 // 
            
            
            
            CNNVD: CNNVD-201401-505 // 
            
            
            
            NVD: CVE-2013-5669

CREDITS
David Stubley
Trust: 0.3
sources:
            
            
            BID: 65120

SOURCES
db:CERT/CCid:VU#105686
db:CNVDid:CNVD-2014-00620
db:VULHUBid:VHN-65671
db:BIDid:65120
db:JVNDBid:JVNDB-2013-005918
db:CNNVDid:CNNVD-201401-505
db:NVDid:CVE-2013-5669

LAST UPDATE DATE
2025-04-11T23:02:50.676000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#105686date:2014-02-10T00:00:00
db:CNVDid:CNVD-2014-00620date:2014-01-26T00:00:00
db:VULHUBid:VHN-65671date:2014-01-24T00:00:00
db:BIDid:65120date:2014-01-13T00:00:00
db:JVNDBid:JVNDB-2013-005918date:2014-01-27T00:00:00
db:CNNVDid:CNNVD-201401-505date:2014-02-20T00:00:00
db:NVDid:CVE-2013-5669date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#105686date:2014-01-23T00:00:00
db:CNVDid:CNVD-2014-00620date:2014-01-26T00:00:00
db:VULHUBid:VHN-65671date:2014-01-24T00:00:00
db:BIDid:65120date:2014-01-13T00:00:00
db:JVNDBid:JVNDB-2013-005918date:2014-01-27T00:00:00
db:CNNVDid:CNNVD-201401-505date:2014-01-26T00:00:00
db:NVDid:CVE-2013-5669date:2014-01-24T04:38:09.590