Search criteria
24 vulnerabilities found for readynas_surveillance by netgear
FKIE_CVE-2017-18861
Vulnerability from fkie_nvd - Published: 2020-04-28 16:15 - Updated: 2024-11-21 03:21
Severity ?
Summary
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | * | |
| netgear | readynas_surveillance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "E5C85C15-2A12-435D-8DF2-C4F3118AFDE0",
"versionEndIncluding": "1.4.3-15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:arm:*",
"matchCriteriaId": "7B5D50E9-DABA-460F-8753-74315C12D901",
"versionEndIncluding": "1.1.4-5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por una vulnerabilidad de tipo CSRF. Esto afecta a ReadyNAS Surveillance versiones 1.4.3-15-x86 y anteriores y a ReadyNAS Surveillance versiones 1.1.4-5-ARM y anteriores."
}
],
"id": "CVE-2017-18861",
"lastModified": "2024-11-21T03:21:07.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-11056
Vulnerability from fkie_nvd - Published: 2020-04-28 16:15 - Updated: 2024-11-21 02:45
Severity ?
Summary
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | * | |
| netgear | readynas_surveillance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1419B616-36AE-4339-AAAE-66D5D5995A7B",
"versionEndIncluding": "1.1.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "FFE6D994-47CD-4162-A72A-BE2B511B94EA",
"versionEndIncluding": "1.4.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
},
{
"lang": "es",
"value": "Determinados dispositivos de NETGEAR est\u00e1n afectados por el acceso root an\u00f3nimo. Esto afecta a ReadyNAS Surveillance versiones 1.1.1-3-armel y anteriores y ReadyNAS Surveillance versiones 1.4.1-3-amd64 y anteriores."
}
],
"id": "CVE-2016-11056",
"lastModified": "2024-11-21T02:45:23.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T16:15:12.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5680
Vulnerability from fkie_nvd - Published: 2016-08-31 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro sn al comando transfer_license."
}
],
"id": "CVE-2016-5680",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:06.827",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5679
Vulnerability from fkie_nvd - Published: 2016-08-31 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
},
{
"lang": "es",
"value": "cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de metacaract\u00e9res shell en el par\u00e1metro sn al comando transfer_license."
}
],
"id": "CVE-2016-5679",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:05.750",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5677
Vulnerability from fkie_nvd - Published: 2016-08-31 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
},
{
"lang": "es",
"value": "NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 tienen una contrase\u00f1a codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n __nvr_status___.php."
}
],
"id": "CVE-2016-5677",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:03.640",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5676
Vulnerability from fkie_nvd - Published: 2016-08-31 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
},
{
"lang": "es",
"value": "cgi-bin/cgi_system en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 2.x, NUUO NVRsolo 1.7.5 hasta la versi\u00f3n 2.x y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos reiniciar la contrase\u00f1a de administrador a trav\u00e9s de una acci\u00f3n cmd=loaddefconfig."
}
],
"id": "CVE-2016-5676",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:02.657",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5675
Vulnerability from fkie_nvd - Published: 2016-08-31 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | crystal | 2.2.1 | |
| nuuo | crystal | 3.0.0 | |
| nuuo | crystal | 3.1.0 | |
| nuuo | crystal | 3.2.0 | |
| nuuo | nvrsolo | 1.0.0 | |
| nuuo | nvrsolo | 1.0.1 | |
| nuuo | nvrsolo | 1.1.0 | |
| nuuo | nvrsolo | 1.1.0.117 | |
| nuuo | nvrsolo | 1.1.1 | |
| nuuo | nvrsolo | 1.1.2 | |
| nuuo | nvrsolo | 1.2.0 | |
| nuuo | nvrsolo | 1.3.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nuuo:crystal:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF2E8FD-DD09-41C6-82C8-3B1AD60042A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559B9A7D-34FA-4EF3-B7B2-B2115E2D732F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7336B11-E0A6-4F82-97B6-0765F9016C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nuuo:crystal:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B387A683-6B92-4EE8-AB11-C6A8F6D1340C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
},
{
"lang": "es",
"value": "handle_daylightsaving.php en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0, NUUO Crystal 2.2.1 hasta la versi\u00f3n 3.2.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro NTPServer."
}
],
"id": "CVE-2016-5675",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:01.653",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5674
Vulnerability from fkie_nvd - Published: 2016-08-31 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.securityfocus.com/bid/92318 | ||
| cret@cert.org | https://www.exploit-db.com/exploits/40200/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/856152 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92318 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40200/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | readynas_surveillance | 1.1.1 | |
| netgear | readynas_surveillance | 1.1.2 | |
| netgear | readynas_surveillance | 1.2.0.4 | |
| netgear | readynas_surveillance | 1.3.2.4 | |
| netgear | readynas_surveillance | 1.3.2.14 | |
| netgear | readynas_surveillance | 1.4.0 | |
| netgear | readynas_surveillance | 1.4.1 | |
| netgear | readynas_surveillance | 1.4.2 | |
| nuuo | nvrmini_2 | 1.7.5 | |
| nuuo | nvrmini_2 | 1.7.6 | |
| nuuo | nvrmini_2 | 2.0.0 | |
| nuuo | nvrmini_2 | 2.2.1 | |
| nuuo | nvrmini_2 | 3.0.0 | |
| nuuo | nvrsolo | 1.75 | |
| nuuo | nvrsolo | 2.0.0 | |
| nuuo | nvrsolo | 2.0.1 | |
| nuuo | nvrsolo | 2.1.5 | |
| nuuo | nvrsolo | 2.2.2 | |
| nuuo | nvrsolo | 2.3 | |
| nuuo | nvrsolo | 2.3.1.20 | |
| nuuo | nvrsolo | 2.3.7.9 | |
| nuuo | nvrsolo | 2.3.7.10 | |
| nuuo | nvrsolo | 2.3.9.6 | |
| nuuo | nvrsolo | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
},
{
"lang": "es",
"value": "__debugging_center_utils___.php en NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.7.5 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s del par\u00e1metro de registro."
}
],
"id": "CVE-2016-5674",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-31T15:59:00.153",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/40200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-11056 (GCVE-0-2016-11056)
Vulnerability from cvelistv5 – Published: 2020-04-28 16:00 – Updated: 2024-08-06 03:47
VLAI?
Summary
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:33.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T16:00:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-11056",
"datePublished": "2020-04-28T16:00:35",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-06T03:47:33.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18861 (GCVE-0-2017-18861)
Vulnerability from cvelistv5 – Published: 2020-04-28 15:53 – Updated: 2024-08-05 21:37
VLAI?
Summary
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T15:53:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18861",
"datePublished": "2020-04-28T15:53:13",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5677 (GCVE-0-2016-5677)
Vulnerability from cvelistv5 – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5677",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5674 (GCVE-0-2016-5674)
Vulnerability from cvelistv5 – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5674",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5676 (GCVE-0-2016-5676)
Vulnerability from cvelistv5 – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5676",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5680 (GCVE-0-2016-5680)
Vulnerability from cvelistv5 – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5680",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5675 (GCVE-0-2016-5675)
Vulnerability from cvelistv5 – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5675",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5679 (GCVE-0-2016-5679)
Vulnerability from cvelistv5 – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:08
VLAI?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5679",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-11056 (GCVE-0-2016-11056)
Vulnerability from nvd – Published: 2020-04-28 16:00 – Updated: 2024-08-06 03:47
VLAI?
Summary
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:33.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T16:00:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-11056",
"datePublished": "2020-04-28T16:00:35",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-06T03:47:33.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18861 (GCVE-0-2017-18861)
Vulnerability from nvd – Published: 2020-04-28 15:53 – Updated: 2024-08-05 21:37
VLAI?
Summary
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:37:44.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T15:53:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578",
"refsource": "CONFIRM",
"url": "https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18861",
"datePublished": "2020-04-28T15:53:13",
"dateReserved": "2020-04-27T00:00:00",
"dateUpdated": "2024-08-05T21:37:44.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5677 (GCVE-0-2016-5677)
Vulnerability from nvd – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5677",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5674 (GCVE-0-2016-5674)
Vulnerability from nvd – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5674",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5676 (GCVE-0-2016-5676)
Vulnerability from nvd – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5676",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5680 (GCVE-0-2016-5680)
Vulnerability from nvd – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5680",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5675 (GCVE-0-2016-5675)
Vulnerability from nvd – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:07
VLAI?
Summary
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:07:59.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5675",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:07:59.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5679 (GCVE-0-2016-5679)
Vulnerability from nvd – Published: 2016-08-31 15:00 – Updated: 2024-08-06 01:08
VLAI?
Summary
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#856152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-5679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#856152",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856152"
},
{
"name": "92318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92318"
},
{
"name": "40200",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-5679",
"datePublished": "2016-08-31T15:00:00",
"dateReserved": "2016-06-16T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}