Sid 1-46300

Message

SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt

Summary

This event is generated when a command injection is attempted against pingping.cgi on a QNAP device.

Impact

Web Application Attack

CVE-2013-0143:

CVSS base score 6.5

CVSS impact score 6.4

CVSS exploitability score 8.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

CVE-2013-0143: cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

Affected systems

  • qnap surveillancestationpro -
  • qnap nas -
  • qnap viostornetworkvideo_recorder -
  • qnap viostornetworkvideo_recorder 4.0.3

Ease of attack

CVE-2013-0143:

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References