CVE-2016-5678

CRITICAL

NUUO NVRmini 2 & NVRsolo <3.0.0 - Info Disclosure

Title source: llm

Description

NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by Pedro Ribeiro · textremotehardware

https://www.exploit-db.com/exploits/40200

View Code ZIP pw:eip

References (3)

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/856152

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92318

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40200/

Scores

CVSS v3 9.8

EPSS 0.3816

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (38)

nuuo/nvrmini_2 1.0.0

nuuo/nvrmini_2 1.1.0

nuuo/nvrmini_2 1.3.0

nuuo/nvrmini_2 1.3.2

nuuo/nvrmini_2 1.4.0

nuuo/nvrmini_2 1.5.1

nuuo/nvrmini_2 1.5.2

nuuo/nvrmini_2 1.6.0

nuuo/nvrmini_2 1.6.1

nuuo/nvrmini_2 1.6.2

... and 28 more

Published Aug 31, 2016

Tracked Since Feb 18, 2026