Lucene search
+L

122 matches found

prion
prion
added 2016/08/31 3:59 p.m.24 views

Hardcoded credentials

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...

5CVSS6.8AI score0.11989EPSS
Exploits4References3Affected Software3
prion
prion
added 2016/08/31 3:59 p.m.16 views

Hardcoded credentials

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors...

10CVSS7.1AI score0.08682EPSS
Exploits4References3Affected Software2
prion
prion
added 2016/08/31 3:59 p.m.16 views

Code injection

handledaylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter...

10CVSS8AI score0.70877EPSS
Exploits7References3Affected Software4
prion
prion
added 2016/08/31 3:59 p.m.26 views

Code injection

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter...

10CVSS8AI score0.9461EPSS
Exploits11References3Affected Software3
cve
cve
added 2016/08/31 3:0 p.m.60 views

CVE-2016-5678

NUUUO NVRmini 2 and NVRsolo (firmware 1.0.0–3.0.0) are affected by CVE-2016-5678, which contains two hardcoded root passwords in firmware images. This enables unauthenticated remote admin access if exploited through the device web interfaces. Public PoCs and exploits exist (e.g., Exploit DB, CERT...

10CVSS7.7AI score0.08682EPSS
Exploits4References3Affected Software1
cvelist
cvelist
added 2016/08/31 3:0 p.m.24 views

CVE-2016-5680

Stack-based buffer overflow in cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transferlicense command...

8AI score0.16752EPSS
Exploits4References3
cvelist
cvelist
added 2016/08/31 3:0 p.m.29 views

CVE-2016-5676

cgi-bin/cgisystem in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action...

7AI score0.53715EPSS
Exploits6References3
cvelist
cvelist
added 2016/08/31 3:0 p.m.21 views

CVE-2016-5678

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors...

7.9AI score0.08682EPSS
Exploits4References3
cvelist
cvelist
added 2016/08/31 3:0 p.m.21 views

CVE-2016-5679

cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...

7.8AI score0.14119EPSS
Exploits4References3
cve
cve
added 2016/08/31 3:0 p.m.216 views

CVE-2016-5674

CVE-2016-5674 affects NUUO NVRmini 2 (versions 1.7.5–3.0.0), NVRsolo (1.7.5–3.0.0), and NETGEAR ReadyNAS Surveillance (1.1.1–1.4.1). The vulnerability lies in the web-facing page debugging_center_utils _.php, where the log parameter is not properly validated and is passed to system(), enabling un...

10CVSS8.3AI score0.9461EPSS
In wildExploits11References3Affected Software1
cve
cve
added 2016/08/31 3:0 p.m.67 views

CVE-2016-5677

CVE-2016-5677 affects NUUO NVRmini 2, NVRsolo, and NETGEAR ReadyNAS Surveillance (firmware 1.1.1–1.4.1). A hidden page (nvr_status _.php) uses hardcoded credentials nuuoeng:qwe23622260, enabling an unauthenticated attacker to retrieve sensitive information (current processes, memory, filesystem s...

7.5CVSS7.7AI score0.11989EPSS
Exploits4References3Affected Software1
cvelist
cvelist
added 2016/08/31 3:0 p.m.24 views

CVE-2016-5677

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...

7AI score0.11989EPSS
Exploits4References3
euvd
euvd
added 2016/08/31 3:0 p.m.7 views

EUVD-2016-6623

cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...

9CVSS9.1AI score0.14119EPSS
Exploits4References4
cve
cve
added 2016/08/31 3:0 p.m.84 views

CVE-2016-5675

CVE-2016-5675 affects NUUO NVRmini 2 (v1.7.5–v3.0.0), NVRsolo (v1.0.0–v3.0.0), NUUO Crystal (v2.2.1–v3.2.0), and NetGear ReadyNAS Surveillance (v1.1.1–v1.4.1). The flaw lies in handle_daylightsaving.php where the NTPServer parameter is not sanitized before being passed to system(), enabling an un...

10CVSS8.3AI score0.70877EPSS
Exploits7References3Affected Software1
cve
cve
added 2016/08/31 3:0 p.m.60 views

CVE-2016-5680

CVE-2016-5680 corresponds to a stack-based buffer overflow in NUUO NVRmini 2 (firmware 1.7.6–3.0.0) and NETGEAR ReadyNAS Surveillance 1.1.2, triggered by the sn parameter to the transfer_license command in the cgi_main binary. The issue allows remote or local code execution and is part of a broad...

9CVSS8.3AI score0.16752EPSS
Exploits4References3Affected Software1
cve
cve
added 2016/08/31 3:0 p.m.63 views

CVE-2016-5679

The CVE-2016-5679 issue affects NUUO NVRmini 2 (versions 1.7.6–3.0.0) and NETGEAR ReadyNAS Surveillance (1.1.2). The root cause is improper input validation in the transfer_license command’s sn parameter, allowing shell metacharacters to be injected. This can let an authenticated user execute arb...

9CVSS8AI score0.14119EPSS
Exploits4References3Affected Software1
attackerkb
attackerkb
added 2016/08/31 12:0 a.m.54 views

CVE-2016-5674

debuggingcenterutils .php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

10CVSS8.4AI score0.9461EPSS
In wildExploits11References4
openvas
openvas
added 2016/08/24 12:0 a.m.14 views

NUUO NVRmini 2 <= 3.0.8 LFI Vulnerability - Active Check

NUUO NVRmini 2 devices are prone to a local file disclosure LFI vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2AI score
Exploits0References3
openvas
openvas
added 2016/08/23 12:0 a.m.212 views

NUUO NVRmini 2 <= 3.0.8 Multiple Vulnerabilities - Active Check

NUUO NVRmini 2 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nuuo:nuuo";...

10CVSS8.3AI score0.9461EPSS
Exploits15References7
cnvd
cnvd
added 2016/08/14 12:0 a.m.5 views

Information Disclosure Vulnerabilities in Multiple NUUO and NetGear Products

NUUO NVRmini 2 and NVRsolo are network video recorders.NetGear ReadyNAS Surveillance is a comprehensive IP video surveillance solution that integrates video surveillance software, storage, switching, and network management.NUUO Crystal is a Linux-based enterprise VMS Virtual Memory System NUUO...

7.5CVSS6.9AI score0.11989EPSS
Exploits4References1
Rows per page
Query Builder