CVE-2016-5677

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
netgearreadynas_surveillance
1.1.1
netgearreadynas_surveillance
1.1.2
netgearreadynas_surveillance
1.2.0.4
netgearreadynas_surveillance
1.3.2.4
netgearreadynas_surveillance
1.3.2.14
netgearreadynas_surveillance
1.4.0
netgearreadynas_surveillance
1.4.1
netgearreadynas_surveillance
1.4.2
nuuonvrmini_2
1.7.5
nuuonvrmini_2
1.7.6
nuuonvrmini_2
2.0.0
nuuonvrmini_2
2.2.1
nuuonvrmini_2
3.0.0
nuuonvrsolo
1.0.0
nuuonvrsolo
1.0.1
nuuonvrsolo
1.1.0
nuuonvrsolo
1.1.0.117
nuuonvrsolo
1.1.1
nuuonvrsolo
1.1.2
nuuonvrsolo
1.2.0
nuuonvrsolo
1.3.0
nuuonvrsolo
1.75
nuuonvrsolo
2.0.0
nuuonvrsolo
2.0.1
nuuonvrsolo
2.1.5
nuuonvrsolo
2.2.2
nuuonvrsolo
2.3
nuuonvrsolo
2.3.1.20
nuuonvrsolo
2.3.7.9
nuuonvrsolo
2.3.7.10
nuuonvrsolo
2.3.9.6
nuuonvrsolo
3.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/856152
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/
http://www.kb.cert.org/vuls/id/856152
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/