Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5680

CWE-119 — Buffer Overflow5 documents5 sources

Severity

8.8HIGH

EPSS

33.3%

top 3.08%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Netgear Readynas Surveillance Nuuo Nvrmini 2

Timeline

PublishedAug 31

Latest updateMay 17

Description

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/readynas_surveillance1.1.2

▶NVDnuuo/nvrmini_24 versions+3

🔴Vulnerability Details

GHSA

GHSA-qjpx-gqc9-mcgx: Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1↗2022-05-17

▶

CVEList

CVE-2016-5680: Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1↗2016-08-31

▶

VulnCheck

nuuo nvrmini_2 Improper Restriction of Operations within the Bounds of a Memory Buffer↗2016

▶

💥Exploits & PoCs

Exploit-DB

NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities↗2016-08-05

▶