Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5674

CWE-20 — Improper Input Validation6 documents6 sources

Severity

9.8CRITICAL

EPSS

89.4%

top 0.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Readynas Surveillance Nuuo Nvrmini 2 Nuuo Nvrsolo

Timeline

PublishedAug 31

Latest updateMay 17

Description

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDnuuo/nvrsolo11 versions+10

▶NVDnuuo/nvrmini_25 versions+4

▶NVDnetgear/readynas_surveillance8 versions+7

🔴Vulnerability Details

GHSA

GHSA-fx93-287m-8f7q: __debugging_center_utils___↗2022-05-17

▶

CVEList

CVE-2016-5674: __debugging_center_utils___↗2016-08-31

▶

VulnCheck

NETGEAR readynas_surveillance Improper Input Validation↗2016

▶

💥Exploits & PoCs

Exploit-DB

NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities↗2016-08-05

▶

Nuclei

NUUO NVR camera `debugging_center_utils_.php` - Command Execution

▶