Freenas
by Freenas
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-20059 | Cri | 0.67 | — | 0.01 | Aug 20, 2025 | FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation. | ||
| CVE-2014-5334 | Cri | 0.64 | 9.8 | 0.05 | Jan 8, 2018 | FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. | ||
| CVE-2009-2739 | 0.00 | — | 0.01 | Aug 11, 2009 | Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2009-2738 | 0.00 | — | 0.01 | Aug 11, 2009 | Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors. |
- risk 0.67cvss —epss 0.01
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.
- risk 0.64cvss 9.8epss 0.05
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
- CVE-2009-2739Aug 11, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2009-2738Aug 11, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.