CVE-2016-5680
published 2016-08-31CVE-2016-5680: Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users…
PriorityP181high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
16.75%
96.6th percentile
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | readynas_surveillance | — | — |
| nuuo | nvrmini_2 | — | — |
| nuuo | nvrmini_2 | — | — |
| nuuo | nvrmini_2 | — | — |
| nuuo | nvrmini_2 | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qjpx-gqc9-mcgx: Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1
ghsa_unreviewed·2022-05-17
CVE-2016-5680 [HIGH] CWE-119 GHSA-qjpx-gqc9-mcgx: Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
VulnCheck
nuuo nvrmini_2 Improper Restriction of Operations within the Bounds of a Memory Buffer
vulncheck·2016·CVSS 8.8
CVE-2016-5680 [HIGH] nuuo nvrmini_2 Improper Restriction of Operations within the Bounds of a Memory Buffer
nuuo nvrmini_2 Improper Restriction of Operations within the Bounds of a Memory Buffer
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
Affected: nuuo nvrmini_2
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cs.ucr.edu/~adava003/MalNet_IMC2022.pdf
No detection rules found.
No writeups or analysis indexed.
2016-08-31
Published
Exploited in the wild