Added: 08/30/2016
CVE: CVE-2016-5674
BID: 92318
NETGEAR ReadyNAS Surveillance combines their storage and switching solution (NETGEAR ReadyNAS Network Attached Storage system) with network video recording software from NUUO to provide an affordable surveillance solution for small businesses.
The web inteface used on NETGEAR ReadyNAS Surveillance contains a hidden file named __debugging_center_utils___.php
that does not properly sanitize user input before passing it to the PHP system()
call. Successful exploit results in command execution as the admin
user.
Contact the vendor for a software upgrade or find a different solution.
<https://www.exploit-db.com/exploits/40200/>
Exploit works on NETGEAR ReadyNAS Surveillance v1.1.1 to v1.4.1.
Linux