This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Nuuo First view 2016-08-31
Product Nvrsolo Last view 2016-08-31
Version Type Os
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:* 5
cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:* 3
cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:* 3

Related : CVE

  Date Alert Description
9.8 2016-08-31 CVE-2016-5678

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
7.5 2016-08-31 CVE-2016-5677

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
7.5 2016-08-31 CVE-2016-5676

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
9.8 2016-08-31 CVE-2016-5675

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
9.8 2016-08-31 CVE-2016-5674

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-20 Improper Input Validation
20% (1) CWE-798 Use of Hard-coded Credentials
20% (1) CWE-285 Improper Access Control (Authorization)
20% (1) CWE-200 Information Exposure

SAINT Exploits

Description Link
NETGEAR ReadyNAS Surveillance Command Execution More info here

Snort® IPS/IDS

Date Description
2016-12-20 Netgear ReadyNAS Surveillance cgi_system administrator password reset attempt
RuleID : 40815 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt
RuleID : 39848 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt
RuleID : 39847 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt
RuleID : 39846 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt
RuleID : 39845 - Type : SERVER-WEBAPP - Revision : 2