CVE-2016-5680

HIGH EXPLOITED

NUUO NVRmini <3.0.0 - Buffer Overflow

Title source: llm

Exploitation Summary

CVE-2016-5680 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Pedro Ribeiro.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in NUUO NVR devices and NETGEAR ReadyNAS Surveillance, including unauthenticated remote code execution via improper input validation in PHP files. Proofs of concept include command injection via GET parameters to achieve reverse shells as root or admin.

Description

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

Exploits (1)

exploitdb WORKING POC

by Pedro Ribeiro · textremotehardware

https://www.exploit-db.com/exploits/40200

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in NUUO NVR devices and NETGEAR ReadyNAS Surveillance, including unauthenticated remote code execution via improper input validation in PHP files. Proofs of concept include command injection via GET parameters to achieve reverse shells as root or admin.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: NUUO NVRmini2, NVRsolo, Crystal, NETGEAR ReadyNAS Surveillance

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/856152

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92318

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40200/

Scores

CVSS v3 8.8

EPSS 0.1675

EPSS Percentile 96.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-10-27

CWE

CWE-119

Status published

Products (5)

netgear/readynas_surveillance 1.1.2

nuuo/nvrmini_2 1.7.6

nuuo/nvrmini_2 2.0.0

nuuo/nvrmini_2 2.2.1

nuuo/nvrmini_2 3.0.0

Published Aug 31, 2016

Tracked Since Feb 18, 2026