Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5676

CWE-2854 documents4 sources

Severity

7.5HIGH

EPSS

76.2%

top 1.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Readynas Surveillance Nuuo Nvrmini 2 Nuuo Nvrsolo

Timeline

PublishedAug 31

Latest updateMay 17

Description

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDnuuo/nvrsolo11 versions+10

▶NVDnuuo/nvrmini_25 versions+4

▶NVDnetgear/readynas_surveillance8 versions+7

🔴Vulnerability Details

GHSA

GHSA-mhfq-mh5j-8qxc: cgi-bin/cgi_system in NUUO NVRmini 2 1↗2022-05-17

▶

CVEList

CVE-2016-5676: cgi-bin/cgi_system in NUUO NVRmini 2 1↗2016-08-31

▶

💥Exploits & PoCs

Exploit-DB

NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities↗2016-08-05

▶