Vulnerabilities > CVE-2013-5668 - Credentials Management vulnerability in Thecus N8800 NAS Server and N8800 NAS Server Firmware

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
low complexity
thecus
CWE-255
NVD
Published: 2014-01-24
Updated: 2014-01-24

Summary

The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5.03.01 allows remote attackers to discover the administrator credentials by reading this page's cleartext content.

Vulnerable Configurations

Part Description Count
OS
Thecus
1
Hardware
Thecus
1

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionCVE(CAN) ID: CVE-2013-5668 Thecus NAS server N8800是一款网络接入服务器设备。 Thecus NAS server N8800(固件版本5.03.01)的ADS/NT Support页面上在实现上存在安全漏洞,远程攻击者通过读取该页的纯文本内容,利用此漏洞可获取管理员凭证。 0 thecus NAS Server N8800 5.03.01 厂商补丁: thecus ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.thecus.com/ http://www.7elements.co.uk/news/cve-2013-5668 http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
idSSV:61395
last seen2017-11-19
modified2014-02-10
published2014-02-10
reporterRoot
titleThecus NAS Server N8800 ADS/NT Support凭证泄露漏洞

References