Nuuo Nvrmini 2 vulnerabilities
8 known vulnerabilities affecting nuuo/nvrmini_2.
Total CVEs: 8
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 1
Vulnerabilities
CVE-2016-15038 [MEDIUM] CVSS 6.5 | CWE-22 | v3.0.0, v3.0.1, +7 more | 2024-04-01
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this v
cvelistv5, nvd
CVE-2016-5675 [CRITICAL] CVSS 9.8 | CWE-20 | PoC | v1.7.5, v1.7.6, +3 more | 2016-08-31
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
nvd
CVE-2016-5678 [CRITICAL] CVSS 9.8 | CWE-798 | PoC | v1.0.0, v1.1.0, +17 more | 2016-08-31
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
nvd
CVE-2016-5674 [CRITICAL] CVSS 9.8 | CWE-20 | PoC | v1.7.5, v1.7.6, +3 more | 2016-08-31
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
nvd
CVE-2016-5676 [HIGH] CVSS 7.5 | CWE-285 | PoC | v1.7.5, v1.7.6, +3 more | 2016-08-31
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
nvd
CVE-2016-5679 [HIGH] CVSS 8.8 | CWE-78 | PoC | v1.7.6, v2.0.0, +2 more | 2016-08-31
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
nvd
CVE-2016-5677 [HIGH] CVSS 7.5 | CWE-200 | PoC | v1.7.5, v1.7.6, +3 more | 2016-08-31
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
nvd
CVE-2016-5680 [HIGH] CVSS 8.8 | CWE-119 | PoC | v1.7.6, v2.0.0, +2 more | 2016-08-31
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
nvd