NUUO NVRmini 2 1.0.0 up to and including 3.0.0 and NUUO NVRsolo 1.0.0 up to and including 3.0.0 have hardcoded root credentials, which allows remote malicious users to obtain administrative access via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nuuo nvrmini 2 1.6.2 |
||
nuuo nvrmini 2 1.6.1 |
||
nuuo nvrmini 2 1.1.0 |
||
nuuo nvrmini 2 1.0.0 |
||
nuuo nvrmini 2 3.0.0 |
||
nuuo nvrmini 2 1.7.0 |
||
nuuo nvrmini 2 1.6.4 |
||
nuuo nvrmini 2 1.3.2 |
||
nuuo nvrmini 2 1.3.0 |
||
nuuo nvrmini 2 1.6.0 |
||
nuuo nvrmini 2 1.5.2 |
||
nuuo nvrmini 2 2.2.1 |
||
nuuo nvrmini 2 2.0.0 |
||
nuuo nvrmini 2 1.7.2 |
||
nuuo nvrmini 2 1.7.1 |
||
nuuo nvrmini 2 1.5.1 |
||
nuuo nvrmini 2 1.4.0 |
||
nuuo nvrmini 2 1.7.6 |
||
nuuo nvrmini 2 1.7.5 |
||
nuuo nvrsolo 1.2.0 |
||
nuuo nvrsolo 1.1.2 |
||
nuuo nvrsolo 2.3.9.6 |
||
nuuo nvrsolo 2.3.7.10 |
||
nuuo nvrsolo 2.0.0 |
||
nuuo nvrsolo 1.75 |
||
nuuo nvrsolo 1.3.0 |
||
nuuo nvrsolo 1.0.0 |
||
nuuo nvrsolo 3.0.0 |
||
nuuo nvrsolo 2.1.5 |
||
nuuo nvrsolo 2.0.1 |
||
nuuo nvrsolo 1.1.1 |
||
nuuo nvrsolo 1.1.0 |
||
nuuo nvrsolo 2.3.7.9 |
||
nuuo nvrsolo 2.3.1.20 |
||
nuuo nvrsolo 1.1.0.117 |
||
nuuo nvrsolo 1.0.1 |
||
nuuo nvrsolo 2.3 |
||
nuuo nvrsolo 2.2.2 |
Kit from NUUO, Netgear has face-palm grade stoopid
There are multiple Web interface vulnerabilities in a network video recorder under Netgear's ReadyNAS brand and various devices by video recording company NUUO. The affected NUUO units are NVRmini 2, NVRsolo, and Crystal. The CERT advisory lists six Common Vulnerabilities and Exposures (CVE) notices attacked to the affected products, ranging from input validation issues to buffer overruns. Under CVE-2016-5674, there's a hidden page in the Web management interface that looks like someone wrote it...