PT-2016-6631 · NetGear+1 · Netgear Readynas Surveillance+3
Pedro Ribeiro
·
Publicado
2016-08-31
·
Atualizado
2017-09-03
·
CVE-2016-5675
CVSS v3.1
10
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NUUO NVRmini 2 versions 1.7.5 through 3.0.0
NUUO NVRsolo versions 1.0.0 through 3.0.0
NUUO Crystal versions 2.2.1 through 3.2.0
NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1
Description
The issue allows remote attackers to execute arbitrary PHP code via the
NTPServer parameter in the handle daylightsaving.php file.Recommendations
For NUUO NVRmini 2 versions 1.7.5 through 3.0.0, update to a version outside of this range to resolve the issue.
For NUUO NVRsolo versions 1.0.0 through 3.0.0, update to a version outside of this range to resolve the issue.
For NUUO Crystal versions 2.2.1 through 3.2.0, update to a version outside of this range to resolve the issue.
For NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the handle daylightsaving.php file to minimize the risk of exploitation.
Exploit
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netgear Readynas Surveillance
Nuuo Crystal
Nuuo Nvrmini 2
Nuuo Nvrsolo