Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:EF113A24E0B0062CE40E33D9823E2C96
HistoryAug 30, 2016 - 12:00 a.m.

NETGEAR ReadyNAS Surveillance Command Execution

2016-08-3000:00:00
SAINT Corporation
download.saintcorporation.com
69

0.958 High

EPSS

Percentile

99.5%

JSON

Added: 08/30/2016
CVE: CVE-2016-5674
BID: 92318

Background

NETGEAR ReadyNAS Surveillance combines their storage and switching solution (NETGEAR ReadyNAS Network Attached Storage system) with network video recording software from NUUO to provide an affordable surveillance solution for small businesses.

Problem

The web inteface used on NETGEAR ReadyNAS Surveillance contains a hidden file named __debugging_center_utils___.php that does not properly sanitize user input before passing it to the PHP system() call. Successful exploit results in command execution as the admin user.

Resolution

Contact the vendor for a software upgrade or find a different solution.

References

<https://www.exploit-db.com/exploits/40200/&gt;

Limitations

Exploit works on NETGEAR ReadyNAS Surveillance v1.1.1 to v1.4.1.

Platforms

Linux

Related

saint 3
cve 1
nuclei 1
cvelist 1
checkpoint_advisories 1
nvd 1
packetstorm 2
prion 1
attackerkb 1
seebug 1
cert 1
exploitpack 1
zdt 1
thn 1
openvas 1
exploitdb 1
saint
saint
NETGEAR ReadyNAS Surveillance Command Execution
2016-08-30 00:00:00
NETGEAR ReadyNAS Surveillance Command Execution
2016-08-30 00:00:00
NETGEAR ReadyNAS Surveillance Command Execution
2016-08-30 00:00:00
cve
cve
CVE-2016-5674
2016-08-31 15:59:00
nuclei
nuclei
NUUO NVR camera `debugging_center_utils_.php` - Command Execution
2024-04-01 11:40:38
cvelist
cvelist
CVE-2016-5674
2016-08-31 15:00:00
checkpoint_advisories
checkpoint_advisories
Nuuo NVR Log Parameter Unauthenticated Remote Code Execution (CVE-2016-5674)
2016-10-06 00:00:00
nvd
nvd
CVE-2016-5674
2016-08-31 15:59:00
packetstorm
packetstorm
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
2016-08-11 00:00:00
NUUO NVRmini2 / NVRsolo / Crystal And NETGEAR ReadyNAS Code Execution
2016-08-04 00:00:00
prion
prion
Code injection
2016-08-31 15:59:00
attackerkb
attackerkb
CVE-2016-5674
2016-08-31 00:00:00
seebug
seebug
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
2018-05-08 00:00:00
cert
cert
NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities
2016-08-04 00:00:00
exploitpack
exploitpack
NUUO NVRmini2 NVRsolo Crystal Devices NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
2016-08-05 00:00:00
zdt
zdt
NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vul
2016-08-05 00:00:00
thn
thn
Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers
2022-04-04 07:09:00
openvas
openvas
NUUO NVRmini 2 <= 3.0.8 Multiple Vulnerabilities - Active Check
2016-08-23 00:00:00
exploitdb
exploitdb
NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
2016-08-05 00:00:00

0.958 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:EF113A24E0B0062CE40E33D9823E2C96
saint3cve1nuclei1cvelist1checkpoint_advisories1nvd1packetstorm2prion1attackerkb1seebug1cert1exploitpack1zdt1thn1openvas1exploitdb1