NETGEAR ReadyNAS Surveillance vulnerabilities

8 known vulnerabilities affecting netgear/readynas_surveillance.

Total CVEs: 8
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 6

Vulnerabilities

CVE-2016-11056 | HIGH | CVSS 8.8 | ≤ 1.1.1-3, ≤ 1.4.1-3 | 2020-04-28
CVE-2016-11056 [HIGH]: Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
nvd
CVE-2017-18861 | HIGH | CVSS 8.0 | ≤ 1.4.3-15, ≤ 1.1.4-5 | 2020-04-28
CVE-2017-18861 [HIGH] CWE-352: Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
nvd
CVE-2016-5675 | CRITICAL | CVSS 9.8 | PoC | v1.1.1, v1.1.2, +6 more | 2016-08-31
CVE-2016-5675 [CRITICAL] CWE-20: handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
nvd
CVE-2016-5674 | CRITICAL | CVSS 9.8 | PoC | v1.1.1, v1.1.2, +6 more | 2016-08-31
CVE-2016-5674 [CRITICAL] CWE-20: __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
nvd
CVE-2016-5676 | HIGH | CVSS 7.5 | PoC | v1.1.1, v1.1.2, +6 more | 2016-08-31
CVE-2016-5676 [HIGH] CWE-285: cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
nvd
CVE-2016-5679 | HIGH | CVSS 8.8 | PoC | v1.1.2 | 2016-08-31
CVE-2016-5679 [HIGH] CWE-78: cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
nvd
CVE-2016-5677 | HIGH | CVSS 7.5 | PoC | v1.1.1, v1.1.2, +6 more | 2016-08-31
CVE-2016-5677 [HIGH] CWE-200: NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
nvd
CVE-2016-5680 | HIGH | CVSS 8.8 | PoC | v1.1.2 | 2016-08-31
CVE-2016-5680 [HIGH] CWE-119: Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
nvd