CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.4%
Added: 08/30/2016
CVE: CVE-2016-5674
BID: 92318
NETGEAR ReadyNAS Surveillance combines their storage and switching solution (NETGEAR ReadyNAS Network Attached Storage system) with network video recording software from NUUO to provide an affordable surveillance solution for small businesses.
The web inteface used on NETGEAR ReadyNAS Surveillance contains a hidden file named __debugging_center_utils___.php
that does not properly sanitize user input before passing it to the PHP system()
call. Successful exploit results in command execution as the admin
user.
Contact the vendor for a software upgrade or find a different solution.
<https://www.exploit-db.com/exploits/40200/>
Exploit works on NETGEAR ReadyNAS Surveillance v1.1.1 to v1.4.1.
Linux
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.4%