CVE-2016-5675

CRITICAL

NUUO <3.2.0 - RCE

Title source: llm

Description

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.

Exploits (2)

exploitdb WORKING POC
by Pedro Ribeiro · text · remote · hardware
https://www.exploit-db.com/exploits/40200
metasploit WORKING POC EXCELLENT
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nuuo_nvrmini_auth_rce.rb

Scores

CVSS v3 9.8
EPSS 0.7306
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (36)
netgear/readynas_surveillance 1.1.1
netgear/readynas_surveillance 1.1.2
netgear/readynas_surveillance 1.2.0.4
netgear/readynas_surveillance 1.3.2.4
netgear/readynas_surveillance 1.3.2.14
netgear/readynas_surveillance 1.4.0
netgear/readynas_surveillance 1.4.1
netgear/readynas_surveillance 1.4.2
nuuo/crystal 2.2.1
nuuo/crystal 3.0.0
... and 26 more
Published Aug 31, 2016
Tracked Since Feb 18, 2026