Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5679

CWE-78 — OS Command Injection5 documents5 sources

Severity

8.8HIGH

EPSS

15.5%

top 5.34%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Readynas Surveillance Nuuo Nvrmini 2

Timeline

PublishedAug 31

Latest updateMay 17

Description

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/readynas_surveillance1.1.2

▶NVDnuuo/nvrmini_24 versions+3

🔴Vulnerability Details

GHSA

GHSA-qv3w-r93f-fcxc: cgi-bin/cgi_main in NUUO NVRmini 2 1↗2022-05-17

▶

CVEList

CVE-2016-5679: cgi-bin/cgi_main in NUUO NVRmini 2 1↗2016-08-31

▶

VulnCheck

nuuo nvrmini_2 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2016

▶

💥Exploits & PoCs

Exploit-DB

NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities↗2016-08-05

▶