CVE-2013-10049
published 2025-08-01


Priority: P2 72 · critical · 9.3 (CVSS 4.0)
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (threat, environmental and supplemental metrics all X, i.e. not defined)
Exploit: public exploit available
EPSS: 2.02% (78.5th percentile)
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input in the timeZone parameter of a POST request, allowing remote attackers to inject arbitrary shell commands.

Affected (2 ranges)

Vendor                     Product
raidsonic_technology_gmbh  ib-nas4220
raidsonic_technology_gmbh  ib-nas5220

No version range or fixed-in version is listed for either product.

Detection & IOCs (extracted from sources)

path: /timeHandler.cgi
other: timeZone (POST parameter - OS command injection vector)
  • Monitor for unauthenticated POST requests to /timeHandler.cgi on Raidsonic NAS devices, particularly with shell metacharacters in the timeZone parameter.
  • Alert on modifications to inetd daemon configuration or unexpected new user account creation on Raidsonic NAS devices, as these are post-exploitation indicators from known exploit modules.
  • The Metasploit module is rated ManualRanking due to target instability risk; exploitation modifies inetd configuration and adds a new user, meaning the exploit itself causes persistent system changes.
  • The vulnerable endpoint /timeHandler.cgi requires no authentication, meaning exploitation is possible from any network-accessible client without credentials.
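As an added example (not from the advisory or the sources it cites), a Python scanner that applies the first detection bullet to constructed JSON-lines proxy records that include request bodies; the record format, the allowlist for legitimate timeZone values and the "no Cookie/Authorization header means unauthenticated" heuristic are assumptions.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Assumed shape of a legitimate timeZone value (e.g. "Europe/Berlin", "Etc/GMT+2").
# Anything outside this allowlist is treated as a possible command injection attempt.
TZ_ALLOWED = re.compile(r"^[A-Za-z0-9_+\-/]{1,64}$")
SHELL_META = set(";|&`$()<>\n\r\\'\"")

def inspect_request(rec):
    """Return alert reasons for one proxy record (empty list if nothing suspicious)."""
    if rec.get("method", "").upper() != "POST":
        return []
    if not urlsplit(rec.get("url", "")).path.endswith("/timeHandler.cgi"):
        return []
    reasons = []
    headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
    # Heuristic (assumption): no session cookie and no Authorization header = unauthenticated.
    if "authorization" not in headers and "cookie" not in headers:
        reasons.append("unauthenticated POST to timeHandler.cgi")
    # parse_qs percent-decodes, so encoded metacharacters (%3B etc.) are caught too.
    for value in parse_qs(rec.get("body", ""), keep_blank_values=True).get("timeZone", []):
        if not TZ_ALLOWED.match(value):
            found = sorted(c for c in value if c in SHELL_META)
            reasons.append(f"timeZone outside allowlist: {value!r} (metachars {found})")
    return reasons

def scan_log(lines):
    """Scan JSON-lines records; return (line_index, reasons) for every record that alerts."""
    hits = []
    for i, line in enumerate(lines):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # non-JSON lines are skipped, not treated as hits
        reasons = inspect_request(rec)
        if reasons:
            hits.append((i, reasons))
    return hits

# Constructed sample records: one legitimate change, one unauthenticated injection attempt,
# one GET (not a vector), one garbage line.
SAMPLE_LOG = [
    '{"method": "POST", "url": "http://nas.example.internal/timeHandler.cgi", "headers": {"Cookie": "session=abc"}, "body": "timeZone=Europe%2FBerlin&submit=Apply"}',
    '{"method": "POST", "url": "http://nas.example.internal/timeHandler.cgi", "headers": {}, "body": "timeZone=UTC%3Bid"}',
    '{"method": "GET", "url": "http://nas.example.internal/timeHandler.cgi", "headers": {}, "body": ""}',
    'not json at all',
]

if __name__ == "__main__":
    for idx, why in scan_log(SAMPLE_LOG):
        print(f"record {idx}: " + "; ".join(why))
```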