Vulnerabilities > CVE-2013-5669 - Credentials Management vulnerability in Thecus N8800 NAS Server and N8800 NAS Server Firmware

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
low complexity
thecus
CWE-255

Summary

The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

Vulnerable Configurations

Part Description Count
OS
Thecus
1
Hardware
Thecus
1

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionCVE(CAN) ID: CVE-2013-5669 Thecus NAS server N8800是一款网络接入服务器设备。 Thecus NAS server N8800(固件版本5.03.01)对管理员身份验证使用了纯文本的凭证,这可使远程攻击者通过嗅探网络获取敏感信息。 0 thecus NAS Server N8800 5.03.01 厂商补丁: thecus ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.thecus.com/ http://www.7elements.co.uk/news/cve-2013-5669 http://www.7elements.co.uk/resources/blog/multiple-vulnerabilities-thecus-nas/
idSSV:61396
last seen2017-11-19
modified2014-02-10
published2014-02-10
reporterRoot
titleThecus NAS Server N8800信息泄露漏洞