CVE-2013-6276 (GCVE-0-2013-6276)

Vulnerability from cvelistv5 – Published: 2021-08-09 17:25 – Updated: 2024-08-06 17:38 Unsupported When Assigned
VLAI
Summary
QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models
Severity
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:38:59.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://firmware.re/vulns/acsa-2013-002.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-09T17:25:40.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://firmware.re/vulns/acsa-2013-002.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://firmware.re/vulns/acsa-2013-002.php",
              "refsource": "MISC",
              "url": "http://firmware.re/vulns/acsa-2013-002.php"
            },
            {
              "name": "http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php",
              "refsource": "MISC",
              "url": "http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6276",
    "datePublished": "2021-08-09T17:25:40.000Z",
    "dateReserved": "2013-10-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:38:59.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2013-6276",
      "date": "2026-06-03",
      "epss": "0.00369",
      "percentile": "0.59108"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6276\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-08-09T18:15:07.120\",\"lastModified\":\"2024-11-21T01:58:56.353\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models\"},{\"lang\":\"es\",\"value\":\"** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** QNAP F_VioCard 2312 y F_VioGate 2308, presentan entradas embebidas en los archivos authorized_keys. NOTA: 1. Todos los modelos activos no est\u00e1n afectados. El \u00faltimo modelo afectado fue EOL desde 2010. 2. El mecanismo de autorizaci\u00f3n heredado ya no se adopta en todos los modelos activos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:viocard-30_firmware:2312_2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6684D14A-C19F-4059-BE95-DFEECB82C79C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qnap:viocard-30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D1FFC14-6745-43D3-ABCC-DAABA83D50CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:viocard-100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5417033-C06D-4C57-B612-40331463FDD7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qnap:viocard-100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC59C84A-35B0-4A31-8F4B-775C1F8C079B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:viocard-300_firmware:rc_b3722:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A75B8A8B-D810-4E67-A08B-E5D3788E3932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:viocard-300_firmware:rs_b4631:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06907526-B04B-4E94-B9FB-5584392DFA2E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qnap:viocard-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C17C3D98-39BF-433A-BEF8-002F94F9823A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:viogate-340a_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"032AE80C-1764-43DB-BE88-083722BEE2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qnap:viogate-340a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52AF1E36-B624-41DF-9057-81E510757F64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qnap:viogate-340_firmware:2308_2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9AE0F94-2026-46F4-9611-168071A095D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qnap:viogate-340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966677D1-45FB-4363-AEF3-CDBB3DED8D2E\"}]}]}],\"references\":[{\"url\":\"http://firmware.re/vulns/acsa-2013-002.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://firmware.re/vulns/acsa-2013-002.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://web.archive.org/web/20210320190014/http://firmware.re/vulns/acsa-2013-002.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.