Thecus NAS server N8800 with firmware version 5.03.01, and possibly earlier versions, contains multiple vulnerabilities.
The 7 Elements advisory states that the Thecus NAS server N8800 device contains the following vulnerabilities:
CVE-2013-5667 - Thecus NAS Server N8800 Firmware 5.03.01 get_userid OS Command Injection
An attacker may be able to execute arbitrary system commands, steal the Domain Administrator credentials, or sniff administrative passwords.
Apply an Update
Thanks to David Stubley for reporting this vulnerability.
This document was written by Jared Allar.