CVE-2016-5674
published 2016-08-31

CVE-2016-5674: __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1…

Priority: P1 · 91 · critical · 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 94.61% (99.8th percentile)
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

Affected

24 ranges
Vendor | Product | Version range | Fixed in
netgear | readynas_surveillance (8 ranges)
nuuo | nvrmini_2 (5 ranges)
nuuo | nvrsolo (11 ranges)

Detection & IOCs (extracted from sources)

path: /__debugging_center_utils___.php
url: {{BaseURL}}/__debugging_center_utils___.php?log=;echo%20{{rand}}%20|%20id
url: {{BaseURL}}/__debugging_center_utils___.php?log=;echo%20{{rand}}%20|%20ipconfig
command: log=;echo <rand> | id
command: log=;echo <rand> | ipconfig
  • HTTP GET request to /__debugging_center_utils___.php with a `log` parameter containing a shell command injection payload (semicolon-prefixed OS command). Response body will contain 'Debugging Center' and command output (e.g., uid=/gid= pattern for Linux, 'Windows IP' for Windows).
  • Successful exploitation response body contains the string 'Debugging Center' alongside command execution output. Match on HTTP 200 status code combined with this body string.
  • FOFA/Shodan fingerprinting queries to identify exposed NUUO NVR and ReadyNAS Surveillance devices: app="NUUO-NVRmini", app="NUUO-NVR", or title="Network Video Recorder Login".
  • Exploitation is unauthenticated (no credentials required). Successful exploitation yields code execution as root on NVRmini or as 'admin' on ReadyNAS.
  • The vulnerability affects a specific version range. NUUO NVRmini 2 and NVRsolo versions 1.7.5–3.0.0, and NETGEAR ReadyNAS Surveillance versions 1.1.1–1.4.1 are confirmed vulnerable. Devices outside these ranges may not be affected.
  • The Metasploit module notes the exploit has been tested on NVRmini 2 and ReadyNAS Surveillance but has NOT been tested on NVRsolo or other Nuuo devices, though it probably works on them.
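
The request-side indicators above can be checked against web or reverse-proxy access logs. The following is an added example, not taken from the cited sources: it assumes Combined Log Format, and the function names `scan` and `log_param` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus

ENDPOINT = "/__debugging_center_utils___.php"  # path named in the CVE description
SHELL_META = re.compile(r"[;|&`\n]|\$\(")      # command chaining / substitution characters
# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE = [
    '203.0.113.7 - - [31/Aug/2016:10:00:00 +0000] "GET /__debugging_center_utils___.php?log=;echo%20a1b2c3%20|%20id HTTP/1.1" 200 512',
    '198.51.100.23 - - [31/Aug/2016:10:01:00 +0000] "GET /__debugging_center_utils___.php?log=%3Becho%20x%20%7C%20ipconfig HTTP/1.1" 404 210',
    '192.0.2.10 - - [31/Aug/2016:10:02:00 +0000] "GET /login.php HTTP/1.1" 200 1024',
    '192.0.2.10 - - [31/Aug/2016:10:03:00 +0000] "GET /__debugging_center_utils___.php?log=system.log HTTP/1.1" 200 900',
]

def log_param(query):
    """Return the decoded `log` value, or None. Decodes twice to catch double encoding."""
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key) == "log":
            return unquote_plus(unquote_plus(raw))
    return None

def scan(lines):
    """Flag every request to the debug endpoint that carries a `log` parameter."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if not unquote(path).lower().endswith(ENDPOINT):
            continue
        value = log_param(query)
        if value is None:
            continue
        findings.append({"ip": m["ip"], "status": int(m["status"]), "log": value,
                         "injected": bool(SHELL_META.search(value))})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs carry only the status code, so the 'Debugging Center' body match described above needs response capture (proxy or IDS) to confirm that a flagged request succeeded.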

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vulncheck | 9.8 | CRITICAL