cbcvebase.
CVE-2016-5676
published 2016-08-31

CVE-2016-5676: cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote…

PriorityP274high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EXPLOIT
EPSS
53.72%
98.9th percentile
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.

Affected

24 ranges
VendorProductVersion rangeFixed in
netgearreadynas_surveillance
netgearreadynas_surveillance
netgearreadynas_surveillance
netgearreadynas_surveillance
netgearreadynas_surveillance
netgearreadynas_surveillance
netgearreadynas_surveillance
netgearreadynas_surveillance
nuuonvrmini_2
nuuonvrmini_2
nuuonvrmini_2
nuuonvrmini_2
nuuonvrmini_2
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo
nuuonvrsolo

Detection & IOCsextracted from sources · hover to see the quote

pathcgi-bin/cgi_system
commandcmd=loaddefconfig
  • Monitor HTTP requests targeting /cgi-bin/cgi_system with the parameter cmd=loaddefconfig, which triggers an unauthenticated administrator password reset on affected NUUO/NETGEAR devices.
  • Unauthenticated exploitation is possible only on firmware versions before v1.7.6; on later versions an administrative password is required, so unauthenticated hits to this endpoint on patched devices may indicate credential-assisted attacks.
  • ·The exploit targets the web management interface of NUUO NVRmini 2, NVRsolo, and NETGEAR ReadyNAS Surveillance; the attack surface is the exposed HTTP management port of these devices.
  • ·The Metasploit module has been confirmed on NVRmini 2 and ReadyNAS Surveillance; NVRsolo and other NUUO devices are suspected vulnerable but unconfirmed.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.