CVE-2013-6276 — CRITICAL (9.8)

Vulnerability Description

QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qnap	Viocard-30 Firmware	2312_2.1.0
Qnap	Viocard-30	-
Qnap	Viocard-100 Firmware	-
Qnap	Viocard-100	-
Qnap	Viocard-300 Firmware	rc_b3722
Qnap	Viocard-300	-
Qnap	Viogate-340A Firmware	-
Qnap	Viogate-340A	-
Qnap	Viogate-340 Firmware	2308_2.1.0
Qnap	Viogate-340	-

Related Weaknesses (CWE)

CWE-798

References

http://firmware.re/vulns/acsa-2013-002.phpExploitThird Party Advisory
http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002ExploitThird Party Advisory
http://firmware.re/vulns/acsa-2013-002.phpExploitThird Party Advisory
http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002ExploitThird Party Advisory

FAQ

What is CVE-2013-6276?

CVE-2013-6276 is a vulnerability with a CVSS score of 9.8 (CRITICAL). QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authoriza...

How severe is CVE-2013-6276?

CVE-2013-6276 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2013-6276?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Viocard-30 Firmware, Qnap Viocard-30, Qnap Viocard-100 Firmware, Qnap Viocard-100, Qnap Viocard-300 Firmware.