CVE-2016-5674

CRITICAL EXPLOITED NUCLEI

NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-3.0.0 - RCE via __debugging_center_utils___.php

Title source: llm

Exploitation Summary

CVE-2016-5674 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Pedro Ribeiro, including a Metasploit module exploits/linux/http/nuuo_nvrmini_unauth_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in NUUO NVR devices and NETGEAR ReadyNAS Surveillance, including unauthenticated remote code execution via improper input validation in PHP files. Proofs of concept include command injection via GET parameters to achieve reverse shells as root or admin.

Description

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

Exploits (2)

exploitdb WORKING POC

by Pedro Ribeiro · textremotehardware

https://www.exploit-db.com/exploits/40200

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in NUUO NVR devices and NETGEAR ReadyNAS Surveillance, including unauthenticated remote code execution via improper input validation in PHP files. Proofs of concept include command injection via GET parameters to achieve reverse shells as root or admin.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NUUO NVRmini2, NVRsolo, Crystal, NETGEAR ReadyNAS Surveillance

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nuuo_nvrmini_unauth_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated remote code execution vulnerability in NUUO NVRmini 2 and NETGEAR ReadyNAS Surveillance via a command injection in the `__debugging_center_utils__.php` endpoint. It handles different payload constraints for each target and executes commands as root or admin.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NUUO NVRmini 2, NETGEAR ReadyNAS Surveillance

No auth needed

Prerequisites: Network access to the target's web interface on port 8081

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

NUUO NVR camera `debugging_center_utils_.php` - Command Execution

CRITICALVERIFIEDby DhiyaneshDK

FOFA:

app="NUUO-NVRmini" || app="NUUO-NVR" || title="Network Video Recorder Login" || app="nuuo-nvrmini" || app="nuuo-nvr" || title="network video recorder login"

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/856152

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92318

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40200/

Scores

CVSS v3 9.8

EPSS 0.8938

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-04-01

CWE

CWE-20

Status published

Products (24)

netgear/readynas_surveillance 1.1.1

netgear/readynas_surveillance 1.1.2

netgear/readynas_surveillance 1.2.0.4

netgear/readynas_surveillance 1.3.2.4

netgear/readynas_surveillance 1.3.2.14

netgear/readynas_surveillance 1.4.0

netgear/readynas_surveillance 1.4.1

netgear/readynas_surveillance 1.4.2

nuuo/nvrmini_2 1.7.5

nuuo/nvrmini_2 1.7.6

... and 14 more

Published Aug 31, 2016

Tracked Since Feb 18, 2026