fkie_nvd - fkie_cve-2016-5677

fkie_cve-2016-5677

Vulnerability from fkie_nvd

Published

2016-08-31 15:59

Modified

2024-11-21 02:54

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.

References

URL	Tags
cret@cert.org	http://www.kb.cert.org/vuls/id/856152	Third Party Advisory, US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/92318
cret@cert.org	https://www.exploit-db.com/exploits/40200/
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/856152	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/92318
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40200/

Impacted products

Vendor	Product	Version
netgear	readynas_surveillance	1.1.1
netgear	readynas_surveillance	1.1.2
netgear	readynas_surveillance	1.2.0.4
netgear	readynas_surveillance	1.3.2.4
netgear	readynas_surveillance	1.3.2.14
netgear	readynas_surveillance	1.4.0
netgear	readynas_surveillance	1.4.1
netgear	readynas_surveillance	1.4.2
nuuo	nvrmini_2	1.7.5
nuuo	nvrmini_2	1.7.6
nuuo	nvrmini_2	2.0.0
nuuo	nvrmini_2	2.2.1
nuuo	nvrmini_2	3.0.0
nuuo	nvrsolo	1.0.0
nuuo	nvrsolo	1.0.1
nuuo	nvrsolo	1.1.0
nuuo	nvrsolo	1.1.0.117
nuuo	nvrsolo	1.1.1
nuuo	nvrsolo	1.1.2
nuuo	nvrsolo	1.2.0
nuuo	nvrsolo	1.3.0
nuuo	nvrsolo	1.75
nuuo	nvrsolo	2.0.0
nuuo	nvrsolo	2.0.1
nuuo	nvrsolo	2.1.5
nuuo	nvrsolo	2.2.2
nuuo	nvrsolo	2.3
nuuo	nvrsolo	2.3.1.20
nuuo	nvrsolo	2.3.7.9
nuuo	nvrsolo	2.3.7.10
nuuo	nvrsolo	2.3.9.6
nuuo	nvrsolo	3.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
              "matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
    },
    {
      "lang": "es",
      "value": "NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 tienen una contrase\u00f1a codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n __nvr_status___.php."
    }
  ],
  "id": "CVE-2016-5677",
  "lastModified": "2024-11-21T02:54:48.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-31T15:59:03.640",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/856152"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/92318"
    },
    {
      "source": "cret@cert.org",
      "url": "https://www.exploit-db.com/exploits/40200/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/856152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/40200/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2016-5677

Vulnerability from cvelistv5

Published

2016-08-31 15:00

Modified

2024-08-06 01:07