122 matches found
Hardcoded credentials
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...
Hardcoded credentials
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors...
Code injection
handledaylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter...
Code injection
debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...
CVE-2016-5678
NUUUO NVRmini 2 and NVRsolo (firmware 1.0.0–3.0.0) are affected by CVE-2016-5678, which contains two hardcoded root passwords in firmware images. This enables unauthenticated remote admin access if exploited through the device web interfaces. Public PoCs and exploits exist (e.g., Exploit DB, CERT...
CVE-2016-5680
Stack-based buffer overflow in cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transferlicense command...
CVE-2016-5676
cgi-bin/cgisystem in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action...
CVE-2016-5678
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors...
CVE-2016-5679
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
CVE-2016-5674
CVE-2016-5674 affects NUUO NVRmini 2 (versions 1.7.5–3.0.0), NVRsolo (1.7.5–3.0.0), and NETGEAR ReadyNAS Surveillance (1.1.1–1.4.1). The vulnerability lies in the web-facing page debugging_center_utils _.php, where the log parameter is not properly validated and is passed to system(), enabling un...
CVE-2016-5677
CVE-2016-5677 affects NUUO NVRmini 2, NVRsolo, and NETGEAR ReadyNAS Surveillance (firmware 1.1.1–1.4.1). A hidden page (nvr_status _.php) uses hardcoded credentials nuuoeng:qwe23622260, enabling an unauthenticated attacker to retrieve sensitive information (current processes, memory, filesystem s...
CVE-2016-5677
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...
EUVD-2016-6623
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
CVE-2016-5675
CVE-2016-5675 affects NUUO NVRmini 2 (v1.7.5–v3.0.0), NVRsolo (v1.0.0–v3.0.0), NUUO Crystal (v2.2.1–v3.2.0), and NetGear ReadyNAS Surveillance (v1.1.1–v1.4.1). The flaw lies in handle_daylightsaving.php where the NTPServer parameter is not sanitized before being passed to system(), enabling an un...
CVE-2016-5680
CVE-2016-5680 corresponds to a stack-based buffer overflow in NUUO NVRmini 2 (firmware 1.7.6–3.0.0) and NETGEAR ReadyNAS Surveillance 1.1.2, triggered by the sn parameter to the transfer_license command in the cgi_main binary. The issue allows remote or local code execution and is part of a broad...
CVE-2016-5679
The CVE-2016-5679 issue affects NUUO NVRmini 2 (versions 1.7.6–3.0.0) and NETGEAR ReadyNAS Surveillance (1.1.2). The root cause is improper input validation in the transfer_license command’s sn parameter, allowing shell metacharacters to be injected. This can let an authenticated user execute arb...
CVE-2016-5674
debuggingcenterutils .php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
NUUO NVRmini 2 <= 3.0.8 LFI Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a local file disclosure LFI vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NUUO NVRmini 2 <= 3.0.8 Multiple Vulnerabilities - Active Check
NUUO NVRmini 2 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nuuo:nuuo";...
Information Disclosure Vulnerabilities in Multiple NUUO and NetGear Products
NUUO NVRmini 2 and NVRsolo are network video recorders.NetGear ReadyNAS Surveillance is a comprehensive IP video surveillance solution that integrates video surveillance software, storage, switching, and network management.NUUO Crystal is a Linux-based enterprise VMS Virtual Memory System NUUO...