This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Netgear First view 2016-08-31
Product Readynas Surveillance Last view 2020-04-28
Version 1.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:netgear:readynas_surveillance

Activity : Overall

Related : CVE

  Date Alert Description
8 2020-04-28 CVE-2017-18861

Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.

8.8 2020-04-28 CVE-2016-11056

Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.

8.8 2016-08-31 CVE-2016-5680

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

8.8 2016-08-31 CVE-2016-5679

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

7.5 2016-08-31 CVE-2016-5677

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.

7.5 2016-08-31 CVE-2016-5676

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.

9.8 2016-08-31 CVE-2016-5675

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.

9.8 2016-08-31 CVE-2016-5674

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

CWE : Common Weakness Enumeration

%idName
28% (2) CWE-20 Improper Input Validation
14% (1) CWE-352 Cross-Site Request Forgery (CSRF)
14% (1) CWE-285 Improper Access Control (Authorization)
14% (1) CWE-200 Information Exposure
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

SAINT Exploits

Description Link
NETGEAR ReadyNAS Surveillance Command Execution More info here

Snort® IPS/IDS

Date Description
2016-12-20 Netgear ReadyNAS Surveillance cgi_system administrator password reset attempt
RuleID : 40815 - Type : SERVER-WEBAPP - Revision : 2
2016-10-01 Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt
RuleID : 39982 - Type : SERVER-WEBAPP - Revision : 2
2016-10-01 Netgear ReadyNAS Surveillance cgi_main stack buffer overflow attempt
RuleID : 39981 - Type : SERVER-WEBAPP - Revision : 2
2016-10-01 Netgear ReadyNAS Surveillance cgi_main command injection attempt
RuleID : 39980 - Type : SERVER-WEBAPP - Revision : 2
2016-10-01 Netgear ReadyNAS Surveillance cgi_main command injection attempt
RuleID : 39979 - Type : SERVER-WEBAPP - Revision : 2
2016-10-01 Netgear ReadyNAS Surveillance cgi_main command injection attempt
RuleID : 39978 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt
RuleID : 39848 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance handle_daylightsaving command injection attempt
RuleID : 39847 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt
RuleID : 39846 - Type : SERVER-WEBAPP - Revision : 2
2016-09-13 Netgear ReadyNAS Surveillance debugging_center_utils command injection attempt
RuleID : 39845 - Type : SERVER-WEBAPP - Revision : 2