45 matches found
CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $GET'uploaddir' is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...
EUVD-2017-9952
Malware in sbrugna...
EUVD-2016-2045
Malware in sbrugna...
VulnCheck KEV: CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $GET'uploaddir' is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...
VulnCheck KEV: CVE-2016-5680
Stack-based buffer overflow in cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transferlicense command...
VulnCheck KEV: CVE-2016-5674
debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...
CVE-2017-18861
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier...
CVE-2017-18861
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier...
CVE-2016-11056
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier...
CVE-2016-11056
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier...
Cross site request forgery (csrf)
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier...
CVE-2016-11056
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier...
CVE-2017-18861
Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier...
VulnCheck KEV: CVE-2016-5679
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
NETGEAR ReadyNAS Surveillance Command Injection Vulnerability
NETGEAR ReadyNAS Surveillance is an add-on application for NETGEAR ReadyNAS from NETGEAR. The program extends surveillance video management capabilities for NETGEAR ReadyNAS devices. A command injection vulnerability exists in NETGEAR ReadyNAS Surveillance versions prior to 1.4.3-17 x86 and prior...
CVE-2017-18378
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $GET'uploaddir' is not escaped and is passed to system through $tmpuploaddir, leading to upgradehandle.php?cmd=writeuploaddir remote command execution...
CVE-2017-18378
The CVE-2017-18378 vulnerability affects NETGEAR ReadyNAS Surveillance prior to 1.4.3-17 (x86) and 1.1.4-7 (ARM). The issue is a failure to escape $_GET['uploaddir'], which is passed to system() via $tmp_upload_dir, enabling remote command execution via upgrade_handle.php?cmd=writeuploaddir. Publ...
Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution
Vulnerability summary The following advisory describes an Unauthenticated Remote Command Execution vulnerability found in Netgear ReadyNAS Surveillance. Netgear ReadyNAS Surveillance – Small businesses and corporate branch offices require a secure way to protect physical assets, but often lack th...
Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE Date: 27.09.2017 Software Link: https://www.netgear.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description $GET'uploaddir' is not escaped a...
Netgear ReadyNAS Surveillance Remote Code Execution Vulnerability
NetGear ReadyNAS Surveillance is a comprehensive IP video surveillance solution from NetGear that integrates video surveillance software, storage, switching and network management. A remote code execution vulnerability exists in Netgear ReadyNAS Surveillance. An attacker does not need to be...