Vulnerabilites related to netgear - readynas_surveillance
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | crystal | 2.2.1 | |
| nuuo | crystal | 3.0.0 | |
| nuuo | crystal | 3.1.0 | |
| nuuo | crystal | 3.2.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nuuo:crystal:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF2E8FD-DD09-41C6-82C8-3B1AD60042A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559B9A7D-34FA-4EF3-B7B2-B2115E2D732F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7336B11-E0A6-4F82-97B6-0765F9016C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B387A683-6B92-4EE8-AB11-C6A8F6D1340C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
},
{
"lang": "es",
"value": "handle_daylightsaving.php en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0, NUUO Crystal 2.2.1 hasta la versi\u00f3n 3.2.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro NTPServer."
}
],
"id": "CVE-2016-5675",
"lastModified": "2024-11-21T02:54:48.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:01.653",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro sn al comando transfer_license."
}
],
"id": "CVE-2016-5680",
"lastModified": "2024-11-21T02:54:48.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:06.827",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | * | |
| netgear | readynas_surveillance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E5C85C15-2A12-435D-8DF2-C4F3118AFDE0",
"versionEndIncluding": "1.4.3-15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "7B5D50E9-DABA-460F-8753-74315C12D901",
"versionEndIncluding": "1.1.4-5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a ReadyNAS Surveillance versiones 1.4.3-15-x86 y anteriores y a ReadyNAS Surveillance versiones 1.1.4-5-ARM y anteriores."
}
],
"id": "CVE-2017-18861",
"lastModified": "2024-11-21T03:21:07.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-11 21:29
Modified
2024-11-21 03:19
Severity ?
8.4 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653 | Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/42956 | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42956 | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance_firmware | * | |
| netgear | readynas_surveillance_firmware | * | |
| netgear | readynas_surveillance | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:readynas_surveillance_firmware:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "E1815ED4-E574-4B3A-92BD-0DAA2EEB605F",
"versionEndExcluding": "1.1.4-7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netgear:readynas_surveillance_firmware:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E10517E5-5DA2-4DC8-A273-504B1C91C8FD",
"versionEndExcluding": "1.4.3-17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:readynas_surveillance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF14ED8-692A-432D-B575-9591B5648634",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET[\u0027uploaddir\u0027] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution."
},
{
"lang": "es",
"value": "En NETGEAR ReadyNAS Surveillance anterior de 1.4.3-17 x86 y anterior de 1.1.4-7 ARM, $ _GET [\u0027uploaddir\u0027] no se escapa y se pasa al sistema () a trav\u00e9s de $ tmp_upload_dir, lo que lleva a upgrade_handle.php? Cmd = writeuploaddir Ejecuci\u00f3n remota de comandos."
}
],
"id": "CVE-2017-18378",
"lastModified": "2024-11-21T03:19:58.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-11T21:29:00.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/42956"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
},
{
"lang": "es",
"value": "NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 tienen una contrase\u00f1a codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n __nvr_status___.php."
}
],
"id": "CVE-2016-5677",
"lastModified": "2024-11-21T02:54:48.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:03.640",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 16:15
Modified
2024-11-21 02:45
Severity ?
Summary
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | * | |
| netgear | readynas_surveillance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1419B616-36AE-4339-AAAE-66D5D5995A7B",
"versionEndIncluding": "1.1.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FFE6D994-47CD-4162-A72A-BE2B511B94EA",
"versionEndIncluding": "1.4.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por el acceso root an\u00f3nimo. Esto afecta a ReadyNAS Surveillance versiones 1.1.1-3-armel y anteriores y ReadyNAS Surveillance versiones 1.4.1-3-amd64 y anteriores."
}
],
"id": "CVE-2016-11056",
"lastModified": "2024-11-21T02:45:23.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
},
{
"lang": "es",
"value": "cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaract\u00e9res shell en el par\u00e1metro sn al comando transfer_license."
}
],
"id": "CVE-2016-5679",
"lastModified": "2024-11-21T02:54:48.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:05.750",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
},
{
"lang": "es",
"value": "cgi-bin/cgi_system en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 2.x, NUUO NVRsolo 1.7.5 hasta la versi\u00f3n 2.x y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos reiniciar la contrase\u00f1a de administrador a trav\u00e9s de una acci\u00f3n cmd=loaddefconfig."
}
],
"id": "CVE-2016-5676",
"lastModified": "2024-11-21T02:54:48.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:02.657",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-31 15:59
Modified
2024-11-21 02:54
Severity ?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
},
{
"lang": "es",
"value": "__debugging_center_utils___.php en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.7.5 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro de registro."
}
],
"id": "CVE-2016-5674",
"lastModified": "2024-11-21T02:54:48.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:00.153",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2016-5674
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5674",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-11056
Vulnerability from cvelistv5
Published
2020-04-28 16:00
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:33.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T16:00:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-11056",
"datePublished": "2020-04-28T16:00:35",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-06T03:47:33.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5679
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:08
Severity ?
EPSS score ?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5679",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18378
Vulnerability from cvelistv5
Published
2019-06-11 20:44
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/42956 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:20:50.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42956"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET[\u0027uploaddir\u0027] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:44:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/42956"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET[\u0027uploaddir\u0027] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653",
"refsource": "MISC",
"url": "https://kb.netgear.com/000049072/Security-Advisory-for-Command-Injection-in-ReadyNAS-Surveillance-Application-PSV-2017-2653"
},
{
"name": "https://www.exploit-db.com/exploits/42956",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/42956"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18378",
"datePublished": "2019-06-11T20:44:55",
"dateReserved": "2019-06-11T00:00:00",
"dateUpdated": "2024-08-05T21:20:50.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18861
Vulnerability from cvelistv5
Published
2020-04-28 15:53
Modified
2024-08-05 21:37
Severity ?
EPSS score ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T15:53:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18861",
"datePublished": "2020-04-28T15:53:13",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5675
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5675",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5680
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5680",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5677
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5677",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5676
Vulnerability from cvelistv5
Published
2016-08-31 15:00
Modified
2024-08-06 01:07
Severity ?
EPSS score ?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/856152 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/92318 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40200/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5676",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}