CVE-2016-5679
Published 2016-08-31
CVE-2016-5679: cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands…
Priority P277 · high · 8.8 · CVSS 3.0
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 14.12% (96.1th percentile)
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | readynas_surveillance | — | — |
| nuuo | nvrmini_2 | — | — |
| nuuo | nvrmini_2 | — | — |
| nuuo | nvrmini_2 | — | — |
| nuuo | nvrmini_2 | — | — |
CVSS provenance
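| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |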
GHSA
GHSA-qv3w-r93f-fcxc: cgi-bin/cgi_main in NUUO NVRmini 2 1
ghsa_unreviewed·2022-05-17
CVE-2016-5679 [HIGH] CWE-78 GHSA-qv3w-r93f-fcxc: cgi-bin/cgi_main in NUUO NVRmini 2 1
VulnCheck
nuuo nvrmini_2 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2016·CVSS 8.8
CVE-2016-5679 [HIGH] nuuo nvrmini_2 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected: nuuo nvrmini_2
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://web.archive.org/web/20200319160240/https://labs.bitdefender.com/2020/01/hold-my-beer-mirai-spinoff-named-liquorbot-incorporates-cryptomining/