CVE-2013-5667

Thecus N8800 NAS Server Firmware 5.03.01 - OS Command Injection via Username Parameter

Title source: llm
STIX 2.1

Description

The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/105686

Scores

EPSS 0.0416
EPSS Percentile 89.6%

Details

CWE
CWE-78
Status published
Products (2)
thecus/n8800_nas_server
thecus/n8800_nas_server_firmware 5.03.01
Published Jan 24, 2014
Tracked Since Feb 18, 2026