CVE-2016-5674

Name of the Vulnerable Software and Affected Versions NUUO NVRmini versions 1.7.5 through 3.0.0 NUUO NVRsolo versions 1.7.5 through 3.0.0 NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1

Description The issue exists due to insufficient input validation in the debugging center utils .php component of network video surveillance systems. This allows a remote attacker to execute arbitrary PHP code via the log parameter.

Recommendations For NUUO NVRmini versions 1.7.5 through 3.0.0, update to a version that includes the fix for the debugging center utils .php component. For NUUO NVRsolo versions 1.7.5 through 3.0.0, update to a version that includes the fix for the debugging center utils .php component. For NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1, update to a version that includes the fix for the debugging center utils .php component. As a temporary workaround, consider restricting access to the debugging center utils .php component until a patch is available. Avoid using the log parameter in the affected API endpoint until the issue is resolved.