Vulnerability Details : CVE-2016-5676
Public exploit exists!
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
Products affected by CVE-2016-5676
- cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*
- cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5676
75.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-5676
-
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password
Disclosure Date: 2016-08-04First seen: 2020-04-26auxiliary/admin/http/nuuo_nvrmini_resetThe NVRmini 2 Network Video Recorded and the ReadyNAS Surveillance application are vulnerable to an administrator password reset on the exposed web management interface. Note that this only works for unauthenticated attackers in earlier versions of the Nuuo firmware
CVSS scores for CVE-2016-5676
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-5676
-
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5676
-
http://www.kb.cert.org/vuls/id/856152
VU#856152 - NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilitiesThird Party Advisory;US Government Resource
-
https://www.exploit-db.com/exploits/40200/
NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities
-
http://www.securityfocus.com/bid/92318
NUUO and Netgear Network Multiple Products Multiple Security Vulnerabilities
Jump to