CVE-2013-5667
Thecus N8800 NAS Server Firmware 5.03.01 - OS Command Injection via Username Parameter
Title source: llmDescription
The Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to execute arbitrary commands via a get_userid action with shell metacharacters in the username parameter.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://www.7elements.co.uk/news/cve-2013-5667/
Exploit x_refsource_misc
http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/105686
Scores
EPSS
0.0416
EPSS Percentile
89.6%
Details
CWE
CWE-78
Status
published
Products (2)
thecus/n8800_nas_server
thecus/n8800_nas_server_firmware
5.03.01
Published
Jan 24, 2014
Tracked Since
Feb 18, 2026