CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 1CVE-2016-5677 – NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5677
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.0.0 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 tienen una contraseña codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener información sensible a través de una petición __nvr_status___.php. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 38EXPL: 1CVE-2016-5678 – NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5678
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. NUUO NVRmini 2 1.0.0 hasta la versión 3.0.0 y NUUO NVRsolo 1.0.0 hasta la versión 3.0.0 tienen credenciales root codificadas, lo que permite a atacantes remotos obtener acceso administrativo a través de vectores no especificados. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 38%CPEs: 36EXPL: 1CVE-2016-5675 – NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5675
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. handle_daylightsaving.php en NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.0.0 hasta la versión 3.0.0, NUUO Crystal 2.2.1 hasta la versión 3.2.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 permite a atacantes remotos ejecutar código PHP arbitrario a través del parámetro NTPServer. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-nvr-vulns.txt https://seclists.org/bugtraq/2016/Aug/45 • CWE-20: Improper Input Validation •