PT-2016-6631 · NetGear+1 · Netgear Readynas Surveillance+3
Pedro Ribeiro
·
Published
2016-08-31
·
Updated
2017-09-03
·
CVE-2016-5675
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NUUO NVRmini 2 versions 1.7.5 through 3.0.0
NUUO NVRsolo versions 1.0.0 through 3.0.0
NUUO Crystal versions 2.2.1 through 3.2.0
NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1
Description
The issue allows remote attackers to execute arbitrary PHP code via the
NTPServer parameter in the handle daylightsaving.php file.Recommendations
For NUUO NVRmini 2 versions 1.7.5 through 3.0.0, update to a version outside of this range to resolve the issue.
For NUUO NVRsolo versions 1.0.0 through 3.0.0, update to a version outside of this range to resolve the issue.
For NUUO Crystal versions 2.2.1 through 3.2.0, update to a version outside of this range to resolve the issue.
For NETGEAR ReadyNAS Surveillance versions 1.1.1 through 1.4.1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to the handle daylightsaving.php file to minimize the risk of exploitation.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Readynas Surveillance
Nuuo Crystal
Nuuo Nvrmini 2
Nuuo Nvrsolo