CVE-2016-5679

Published: 31/08/2016 Updated: 03/09/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 up to and including 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

Vulnerable Product

nuuo nvrmini 2 3.0.0

nuuo nvrmini 2 2.2.1

nuuo nvrmini 2 2.0.0

nuuo nvrmini 2 1.7.6

netgear readynas surveillance 1.1.2

Exploits

>> Multiple vulnerabilities in NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS Surveillance application
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security (www.agileinfosec.co.uk/)
==========================================================================
Disclosure: 04/08/2016 / Last upd ...
NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities ...

Recent Articles

Video surveillance recorders riddled with zero-days
The Register • Richard Chirgwin • 07 Aug 2016

Kit from NUUO, Netgear has face-palm grade stoopid

There are multiple Web interface vulnerabilities in a network video recorder under Netgear's ReadyNAS brand and various devices by video recording company NUUO. The affected NUUO units are NVRmini 2, NVRsolo, and Crystal. The CERT advisory lists six Common Vulnerabilities and Exposures (CVE) notices attached to the affected products, ranging from input validation issues to buffer overruns. Under CVE-2016-5674, there's a hidden page in the Web management interface that looks like someone wrote it...