PT-2016-6633 · NetGear+1 · Netgear Readynas Surveillance+2
Pedro Ribeiro
·
Publicado
2016-08-31
·
Atualizado
2017-09-03
·
CVE-2016-5677
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
NUUO NVRmini 2 versions 1.7.5 through 3.0.0
NUUO NVRsolo versions 1.0.0 through 3.0.0
NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1
Description
The issue allows remote attackers to obtain sensitive information due to a hardcoded password for the nuuoeng account. This can be exploited via an nvr status .php request.
Recommendations
For NUUO NVRmini 2 versions 1.7.5 through 3.0.0, consider changing the hardcoded password for the nuuoeng account.
For NUUO NVRsolo versions 1.0.0 through 3.0.0, consider changing the hardcoded password for the nuuoeng account.
For NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1, consider changing the hardcoded password for the nuuoeng account.
As a temporary workaround, consider restricting access to the nvr status .php endpoint until a patch is available.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netgear Readynas Surveillance
Nuuo Nvrmini 2
Nuuo Nvrsolo