CVE-2013-2751
published 2013-12-12

CVE-2013-2751: Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24…

Priority P180 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 71.60% (99.3th percentile)
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

Affected

2 ranges
Vendor    Product     Version range        Fixed in
netgear   raidiator   >= 4.1 < 4.1.12      4.1.12
netgear   raidiator   >= 4.2 < 4.2.24      4.2.24

Detection & IOCs (extracted from sources)

path: /frontview/lib/np_handler.pl
url: /np_handler/?PAGE=Nasstate&OPERATION=get&SECTION=<payload>
command: #{rand_text_numeric(1)});use MIME::Base64;system(decode_base64("#{Rex::Text.encode_base64(payload.encoded)}")
  • Detect exploit check probe: HTTP GET to /np_handler with SECTION=) returns HTTP 200 with body matching 'syntax error at (eval'
  • Monitor HTTPS GET requests to /np_handler endpoint with a SECTION parameter containing Perl injection patterns such as closing parenthesis, semicolons, or Base64-encoded payloads
  • Flag HTTP responses from ReadyNAS FrontView containing 'syntax error at (eval' as indicative of active exploitation probing
  • The exploit uses MIME::Base64 and system() within the injected SECTION parameter to execute OS commands; look for these strings URL-encoded in GET requests to /np_handler
  • Exploit requires SSL (HTTPS on port 443); plain HTTP traffic to port 80 will not carry this attack in default Metasploit configuration
  • Module was tested only on an emulated firmware environment (4.2.23), not confirmed on real hardware; detection coverage on physical devices may vary
  • Payload space is capped at 4096 bytes accounting for Apache request length and Base64 encoding ratio; payloads exceeding this limit will not be delivered
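
The request and response checks listed above, written as a log triage script. This is an added example, not code from the advisory or the exploit module. It assumes Apache combined-format access log lines as seen after TLS termination; the sample lines, the benign SECTION value "Status" and the 40-character Base64 threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Strings the detection notes call out inside the SECTION parameter.
INJECTION_MARKERS = (")", ";", "MIME::Base64", "decode_base64", "system(")
ERROR_MARKER = "syntax error at (eval"            # body of a successful check probe
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")    # threshold is an assumption
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')

def inspect_request(log_line):
    """Return the reasons an access log line matches the np_handler indicators."""
    m = REQUEST_RE.search(log_line)
    if not m or m["method"] != "GET":
        return []
    url = urlsplit(m["target"])
    if url.path.rstrip("/") != "/np_handler":
        return []
    reasons = []
    # parse_qs percent-decodes, so URL-encoded markers are matched as well.
    for value in parse_qs(url.query, keep_blank_values=True).get("SECTION", []):
        reasons += [f"SECTION contains {mk!r}" for mk in INJECTION_MARKERS if mk in value]
        if BASE64_RUN.search(value):
            reasons.append("SECTION contains long Base64 run")
    return reasons

def inspect_response(body):
    """True when a FrontView response body shows the Perl eval error."""
    return ERROR_MARKER in body

# Constructed sample data (documentation addresses, inert Base64 of 'A' bytes).
PREFIX = '192.0.2.10 - - [12/Dec/2013:10:00:00 +0000] "GET /np_handler/?PAGE=Nasstate&OPERATION=get&SECTION='
BENIGN = PREFIX + 'Status HTTP/1.1" 200 512'
PROBE = PREFIX + '%29 HTTP/1.1" 200 187'
INJECT = (PREFIX + "1%29%3Buse%20MIME%3A%3ABase64%3Bsystem%28decode_base64%28%22"
          + "QUFB" * 12 + '%22%29 HTTP/1.1" 200 0')
PROBE_BODY = "syntax error at (eval 1) line 1, near ..."   # constructed response body

if __name__ == "__main__":
    for line in (BENIGN, PROBE, INJECT):
        hits = inspect_request(line)
        print("ALERT" if hits else "ok   ", hits)
    print("response probe hit:", inspect_response(PROBE_BODY))
```

A hit on the response check together with a preceding `SECTION=)` request from the same client corresponds to the exploit check probe described in the first bullet.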