CVE-2016-5676 – NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5676
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. cgi-bin/cgi_system en NUUO NVRmini 2 1.7.5 hasta la versión 2.x, NUUO NVRsolo 1.7.5 hasta la versión 2.x y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 permite a atacantes remotos reiniciar la contraseña de administrador a través de una acción cmd=loaddefconfig. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-nvr-vulns.txt https://seclists.org/bugtraq/2016/Aug/45 • CWE-285: Improper Authorization •
CVE-2016-5674 – NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-5674
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. __debugging_center_utils___.php en NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.7.5 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 permite a atacantes remotos ejecutar código PHP arbitrario a través del parámetro de registro. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-nvr-vulns.txt https://seclists.org/bugtraq/2016/Aug/45 • CWE-20: Improper Input Validation •