CVE-2016-5676

HIGH

NUUO NVRmini <2 - RCE

Title source: llm

Description

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.

Exploits (2)

exploitdb WORKING POC

by Pedro Ribeiro · textremotehardware

https://www.exploit-db.com/exploits/40200

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/nuuo_nvrmini_reset.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/856152

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92318

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40200/

Scores

CVSS v3 7.5

EPSS 0.7623

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-285

Status published

Products (24)

netgear/readynas_surveillance 1.1.1

netgear/readynas_surveillance 1.1.2

netgear/readynas_surveillance 1.2.0.4

netgear/readynas_surveillance 1.3.2.4

netgear/readynas_surveillance 1.3.2.14

netgear/readynas_surveillance 1.4.0

netgear/readynas_surveillance 1.4.1

netgear/readynas_surveillance 1.4.2

nuuo/nvrmini_2 1.7.5

nuuo/nvrmini_2 1.7.6

... and 14 more

Published Aug 31, 2016

Tracked Since Feb 18, 2026