Summary
Detail | |||
---|---|---|---|
Vendor | Nuuo | First view | 2016-08-31 |
Product | Nvrsolo | Last view | 2016-08-31 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.8 | 2016-08-31 | CVE-2016-5678 | NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. |
7.5 | 2016-08-31 | CVE-2016-5677 | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. |
7.5 | 2016-08-31 | CVE-2016-5676 | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. |
9.8 | 2016-08-31 | CVE-2016-5675 | handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. |
9.8 | 2016-08-31 | CVE-2016-5674 | __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-20 | Improper Input Validation |
20% (1) | CWE-798 | Use of Hard-coded Credentials |
20% (1) | CWE-285 | Improper Access Control (Authorization) |
20% (1) | CWE-200 | Information Exposure |
SAINT Exploits
Description | Link |
---|---|
NETGEAR ReadyNAS Surveillance Command Execution | More info here |
Snort® IPS/IDS
Date | Description |
---|---|
2016-12-20 | Netgear ReadyNAS Surveillance cgi_system administrator password reset attempt RuleID : 40815 - Type : SERVER-WEBAPP - Revision : 2 |
2016-09-13 | Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt RuleID : 39848 - Type : SERVER-WEBAPP - Revision : 2 |
2016-09-13 | Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt RuleID : 39847 - Type : SERVER-WEBAPP - Revision : 2 |
2016-09-13 | Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt RuleID : 39846 - Type : SERVER-WEBAPP - Revision : 2 |
2016-09-13 | Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt RuleID : 39845 - Type : SERVER-WEBAPP - Revision : 2 |