Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5678Hard-coded Credentials in Nvrmini 2

CWE-798Hard-coded Credentials4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
38.2%
top 2.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Nuuo Nvrmini 2Nuuo Nvrsolo
Timeline
PublishedAug 31
Latest updateMay 17

Description

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDnuuo/nvrsolo19 versions+18
NVDnuuo/nvrmini_219 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-xc2r-2r8h-fqw9: NUUO NVRmini 2 12022-05-17
CVEList
CVE-2016-5678: NUUO NVRmini 2 12016-08-31

💥Exploits & PoCs

1
Exploit-DB
NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities2016-08-05
CVE-2016-5678 — Hard-coded Credentials in Nvrmini 2 | cvebase