CVE-2016-5679

HIGH EXPLOITED

NUUO NVRmini <3.0.0 - Command Injection

Title source: llm

Exploitation Summary

CVE-2016-5679 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Pedro Ribeiro.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in NUUO NVR devices and NETGEAR ReadyNAS Surveillance, including unauthenticated remote code execution via improper input validation in PHP files. Proofs of concept include command injection via GET parameters to achieve reverse shells as root or admin.

Description

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

Exploits (1)

exploitdb WORKING POC

by Pedro Ribeiro · textremotehardware

https://www.exploit-db.com/exploits/40200

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in NUUO NVR devices and NETGEAR ReadyNAS Surveillance, including unauthenticated remote code execution via improper input validation in PHP files. Proofs of concept include command injection via GET parameters to achieve reverse shells as root or admin.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NUUO NVRmini2, NVRsolo, Crystal, NETGEAR ReadyNAS Surveillance

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/856152

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92318

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40200/

Scores

CVSS v3 8.8

EPSS 0.1412

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-01-08

CWE

CWE-78

Status published

Products (5)

netgear/readynas_surveillance 1.1.2

nuuo/nvrmini_2 1.7.6

nuuo/nvrmini_2 2.0.0

nuuo/nvrmini_2 2.2.1

nuuo/nvrmini_2 3.0.0

Published Aug 31, 2016

Tracked Since Feb 18, 2026