CVE-2016-5675

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
netgearreadynas_surveillance
1.1.1
netgearreadynas_surveillance
1.1.2
netgearreadynas_surveillance
1.2.0.4
netgearreadynas_surveillance
1.3.2.4
netgearreadynas_surveillance
1.3.2.14
netgearreadynas_surveillance
1.4.0
netgearreadynas_surveillance
1.4.1
netgearreadynas_surveillance
1.4.2
nuuocrystal
2.2.1
nuuocrystal
3.0.0
nuuocrystal
3.1.0
nuuocrystal
3.2.0
nuuonvrsolo
1.0.0
nuuonvrsolo
1.0.1
nuuonvrsolo
1.1.0
nuuonvrsolo
1.1.0.117
nuuonvrsolo
1.1.1
nuuonvrsolo
1.1.2
nuuonvrsolo
1.2.0
nuuonvrsolo
1.3.0
nuuonvrsolo
1.75
nuuonvrsolo
2.0.0
nuuonvrsolo
2.0.1
nuuonvrsolo
2.1.5
nuuonvrsolo
2.2.2
nuuonvrsolo
2.3
nuuonvrsolo
2.3.1.20
nuuonvrsolo
2.3.7.9
nuuonvrsolo
2.3.7.10
nuuonvrsolo
2.3.9.6
nuuonvrsolo
3.0.0
nuuonvrmini_2
1.7.5
nuuonvrmini_2
1.7.6
nuuonvrmini_2
2.0.0
nuuonvrmini_2
2.2.1
nuuonvrmini_2
3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/856152
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/
http://www.kb.cert.org/vuls/id/856152
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/