CVE-2013-6276

QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models

Published: Aug 9, 2021
Updated: Nov 8, 2023
CVE: CVE-2013-6276
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-798

Affected Software
References

Software	From	Fixed in
qnap / viocard-30_firmware	2312_2.1.0	2312_2.1.0.x
qnap / viocard-300_firmware	rc_b3722	rc_b3722.x
qnap / viocard-300_firmware	rs_b4631	rs_b4631.x
qnap / viogate-340_firmware	2308_2.1.0	2308_2.1.0.x

http://firmware.re/vulns/acsa-2013-002.php
http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php

Vulnerability Database

291,048

CVE-2013-6276