6 results (0.007 seconds)

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier. Determinados dispositivos de NETGEAR están afectados por el acceso root anónimo. Esto afecta a ReadyNAS Surveillance versiones 1.1.1-3-armel y anteriores y ReadyNAS Surveillance versiones 1.4.1-3-amd64 y anteriores. • https://kb.netgear.com/30275/ReadyNAS-Surveillance-Security-Vulnerability-Announcement •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. Determinados dispositivos de NETGEAR están afectados por una vulnerabilidad de tipo CSRF. Esto afecta a ReadyNAS Surveillance versiones 1.4.3-15-x86 y anteriores y a ReadyNAS Surveillance versiones 1.1.4-5-ARM y anteriores. • https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 1

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.0.0 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 tienen una contraseña codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener información sensible a través de una petición __nvr_status___.php. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 38%CPEs: 36EXPL: 1

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. handle_daylightsaving.php en NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.0.0 hasta la versión 3.0.0, NUUO Crystal 2.2.1 hasta la versión 3.2.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 permite a atacantes remotos ejecutar código PHP arbitrario a través del parámetro NTPServer. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-nvr-vulns.txt https://seclists.org/bugtraq/2016/Aug/45 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 9%CPEs: 24EXPL: 1

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. cgi-bin/cgi_system en NUUO NVRmini 2 1.7.5 hasta la versión 2.x, NUUO NVRsolo 1.7.5 hasta la versión 2.x y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 permite a atacantes remotos reiniciar la contraseña de administrador a través de una acción cmd=loaddefconfig. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-nvr-vulns.txt https://seclists.org/bugtraq/2016/Aug/45 • CWE-285: Improper Authorization •