Unrated severityNVD Advisory· Published Jun 7, 2013· Updated Apr 29, 2026

CVE-2013-0143

Description

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.

Affected products

Qnap/Viostor Network Video Recorder2 versions
cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:qnap:viostor_network_video_recorder:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:h:qnap:viostor_network_video_recorder:-:*:*:*:*:*:*:*
Qnap/Surveillance Station Pro
cpe:2.3:a:qnap:surveillance_station_pro:-:*:*:*:*:*:*:*
Qnap/Nas
cpe:2.3:h:qnap:nas:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/927644nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000