Vulnerabilites related to nuuo - nvrmini_2
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | crystal | 2.2.1 | |
| nuuo | crystal | 3.0.0 | |
| nuuo | crystal | 3.1.0 | |
| nuuo | crystal | 3.2.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nuuo:crystal:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF2E8FD-DD09-41C6-82C8-3B1AD60042A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559B9A7D-34FA-4EF3-B7B2-B2115E2D732F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7336B11-E0A6-4F82-97B6-0765F9016C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B387A683-6B92-4EE8-AB11-C6A8F6D1340C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
},
{
"lang": "es",
"value": "handle_daylightsaving.php en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0, NUUO Crystal 2.2.1 hasta la versi\u00f3n 3.2.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro NTPServer."
}
],
"id": "CVE-2016-5675",
"lastModified": "2024-11-21T02:54:48.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:01.653",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro sn al comando transfer_license."
}
],
"id": "CVE-2016-5680",
"lastModified": "2024-11-21T02:54:48.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:06.827",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
},
{
"lang": "es",
"value": "NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 tienen una contrase\u00f1a codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n __nvr_status___.php."
}
],
"id": "CVE-2016-5677",
"lastModified": "2024-11-21T02:54:48.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:03.640",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nuuo | nvrmini_2 | 1.0.0 | |
| nuuo | nvrmini_2 | 1.1.0 | |
| nuuo | nvrmini_2 | 1.3.0 | |
| nuuo | nvrmini_2 | 1.3.2 | |
| nuuo | nvrmini_2 | 1.4.0 | |
| nuuo | nvrmini_2 | 1.5.1 | |
| nuuo | nvrmini_2 | 1.5.2 | |
| nuuo | nvrmini_2 | 1.6.0 | |
| nuuo | nvrmini_2 | 1.6.1 | |
| nuuo | nvrmini_2 | 1.6.2 | |
| nuuo | nvrmini_2 | 1.6.4 | |
| nuuo | nvrmini_2 | 1.7.0 | |
| nuuo | nvrmini_2 | 1.7.1 | |
| nuuo | nvrmini_2 | 1.7.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21DA50EB-719E-4226-97AF-5DB8A6465825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711F783D-1CB0-4C82-8E1A-538C4B8FE21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E99AF4F7-B23A-4966-99CD-ECC45B018995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2345305B-8C92-48E4-84F7-A44ED1E44DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "359D8204-E88C-44FF-8C46-1C131F03D040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CE9AAE4-3E79-4504-B7C1-2A3D36BEF90E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F11EB77F-41E2-47EE-A13B-235E5606AEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32872292-7606-4634-BCA1-2D5FE1E33F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52B2CA-F7F4-4A8B-8C2D-1FF07A22DCE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4831A4A4-134E-40EE-B33F-40569E213E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3466104B-B6DF-4026-BD81-3AD622B9723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02A8ECFB-39E9-4E40-9008-F0F51762C221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36F91C7D-DC43-41AD-A426-167E148AC050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42017532-038A-42B5-910E-734FC930C6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors."
},
{
"lang": "es",
"value": "NUUO NVRmini 2 1.0.0 hasta la versi\u00f3n 3.0.0 y NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0 tienen credenciales root codificadas, lo que permite a atacantes remotos obtener acceso administrativo a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-5678",
"lastModified": "2024-11-21T02:54:48.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:04.747",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
},
{
"lang": "es",
"value": "cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaract\u00e9res shell en el par\u00e1metro sn al comando transfer_license."
}
],
"id": "CVE-2016-5679",
"lastModified": "2024-11-21T02:54:48.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:05.750",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-29 07:29
Modified
2024-11-21 03:43
Severity ?
Summary
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/unh3x/just4cve/issues/1 | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44794/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/unh3x/just4cve/issues/1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44794/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nuuo | nvrmini_2_firmware | * | |
| nuuo | nvrmini_2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B4FB40-5DFC-4293-BCAA-5A611A92F90D",
"versionEndIncluding": "3.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nuuo:nvrmini_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC230C90-EB1E-4593-B22D-384EF4BC2A9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files."
},
{
"lang": "es",
"value": "upload.php en dispositivos NUUO NVRmini 2 permite la subida de archivos arbitrarios, como .php."
}
],
"id": "CVE-2018-11523",
"lastModified": "2024-11-21T03:43:32.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-29T07:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/unh3x/just4cve/issues/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44794/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/unh3x/just4cve/issues/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44794/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
},
{
"lang": "es",
"value": "cgi-bin/cgi_system en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 2.x, NUUO NVRsolo 1.7.5 hasta la versi\u00f3n 2.x y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos reiniciar la contrase\u00f1a de administrador a trav\u00e9s de una acci\u00f3n cmd=loaddefconfig."
}
],
"id": "CVE-2016-5676",
"lastModified": "2024-11-21T02:54:48.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:02.657",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
},
{
"lang": "es",
"value": "__debugging_center_utils___.php en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.7.5 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro de registro."
}
],
"id": "CVE-2016-5674",
"lastModified": "2024-11-21T02:54:48.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:00.153",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-11523
Vulnerability from cvelistv5
Published
2018-05-29 07:00
Modified
2024-08-05 08:10
Severity ?
EPSS score ?
Summary
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/44794/ | exploit, x_refsource_EXPLOIT-DB | |
| https://github.com/unh3x/just4cve/issues/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44794",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44794/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/unh3x/just4cve/issues/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44794",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44794/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unh3x/just4cve/issues/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44794",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44794/"
},
{
"name": "https://github.com/unh3x/just4cve/issues/1",
"refsource": "MISC",
"url": "https://github.com/unh3x/just4cve/issues/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11523",
"datePublished": "2018-05-29T07:00:00",
"dateReserved": "2018-05-29T00:00:00",
"dateUpdated": "2024-08-05T08:10:14.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5674
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5674",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5678
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:08
Severity ?
EPSS score ?
Summary
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5678",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5679
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:08
Severity ?
EPSS score ?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5679",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5675
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5675",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5680
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5680",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5677
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5677",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5676
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5676",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}