Lucene search

CertccCVE-2016-5680

HistoryAug 31, 2016 - 3:59 p.m.

CVE-2016-5680

2016-08-3115:59:06

CWE-119

certcc

web.nvd.nist.gov

cve-2016-5680

stack-based buffer overflow

nuuo nvrmini

netgear readynas surveillance

remote code execution

authenticated users

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.02

Percentile

88.8%

JSON

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

Affected configurations

Nvd

Node

nuuonvrmini_2Match1.7.6

nuuonvrmini_2Match2.0.0

nuuonvrmini_2Match2.2.1

nuuonvrmini_2Match3.0.0

Node

netgearreadynas_surveillanceMatch1.1.2

VendorProductVersionCPE
nuuonvrmini_21.7.6cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*
nuuonvrmini_22.0.0cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*
nuuonvrmini_22.2.1cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*
nuuonvrmini_23.0.0cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*
netgearreadynas_surveillance1.1.2cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nuuo	nvrmini_2	1.7.6	cpe:2.3:o:nuuo:nvrmini_2:1.7.6:::::::*
nuuo	nvrmini_2	2.0.0	cpe:2.3:o:nuuo:nvrmini_2:2.0.0:::::::*
nuuo	nvrmini_2	2.2.1	cpe:2.3:o:nuuo:nvrmini_2:2.2.1:::::::*
nuuo	nvrmini_2	3.0.0	cpe:2.3:o:nuuo:nvrmini_2:3.0.0:::::::*
netgear	readynas_surveillance	1.1.2	cpe:2.3:a:netgear:readynas_surveillance:1.1.2:::::::*