| Description |
|---|
|
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. Impacted versions: 1.1.1, 1.2.0.4, 1.4.0, 1.3.2.14, 1.3.2.4, 1.4.1, 1.4.2, 1.1.2 Base Score: 10.0, Severity: HIGH, ID: CVE-2016-5675, Last Modified: 2017-09-03T01:29:00Z References Third Party Advisory Third Party Advisory |
|
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. Impacted versions: 1.1.1, 1.3.2.4, 1.1.2, 1.4.1, 1.2.0.4, 1.4.0, 1.4.2, 1.3.2.14 Base Score: 10.0, Severity: HIGH, ID: CVE-2016-5674, Last Modified: 2017-09-03T01:29:00Z References Third Party Advisory Third Party Advisory |
|
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. Impacted versions: 1.4.0, 1.2.0.4, 1.4.2, 1.3.2.14, 1.4.1, 1.1.2, 1.1.1, 1.3.2.4 Base Score: 5.0, Severity: MEDIUM, ID: CVE-2016-5676, Last Modified: 2017-09-03T01:29:00Z References Third Party Advisory Third Party Advisory |
|
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. Impacted versions: 1.1.1, 1.4.2, 1.3.2.4, 1.1.2, 1.3.2.14, 1.4.1, 1.4.0, 1.2.0.4 Base Score: 5.0, Severity: MEDIUM, ID: CVE-2016-5677, Last Modified: 2017-09-03T01:29:00Z References Third Party Advisory Third Party Advisory |
|
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command. Impacted versions: 1.1.2 Base Score: 9.0, Severity: HIGH, ID: CVE-2016-5680, Last Modified: 2017-09-03T01:29:00Z References Third Party Advisory Third Party Advisory |
|
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. Impacted versions: 1.1.2 Base Score: 9.0, Severity: HIGH, ID: CVE-2016-5679, Last Modified: 2017-09-03T01:29:00Z References Third Party Advisory Third Party Advisory |
USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.
