CVE-2013-6276

Description

QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models

Affected Software
References

Software	From	Fixed in
qnap / viocard-30_firmware	2312_2.1.0	2312_2.1.0.x
qnap / viocard-300_firmware	rc_b3722	rc_b3722.x
qnap / viocard-300_firmware	rs_b4631	rs_b4631.x
qnap / viogate-340_firmware	2308_2.1.0	2308_2.1.0.x

http://firmware.re/vulns/acsa-2013-002.php
http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php

Severity: Critical

CVE: CVE-2013-6276
Published: Aug 9, 2021
Updated: Nov 8, 2023
Exploit:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-798

CVE-2013-6276

Description

Details

CVSS v3

CVSS v2

CWEs