Vulnerabilities > Netgear > Readynas Surveillance

DATE CVE VULNERABILITY TITLE RISK
2020-04-28 CVE-2017-18861 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas Surveillance 1.1.45/1.4.315
Certain NETGEAR devices are affected by CSRF.
low complexity
netgear CWE-352
8.0
2020-04-28 CVE-2016-11056 Unspecified vulnerability in Netgear Readynas Surveillance 1.1.1/1.1.13/1.4.13
Certain NETGEAR devices are affected by anonymous root access.
network
low complexity
netgear
8.8
2016-08-31 CVE-2016-5680 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
network
low complexity
nuuo netgear CWE-119
8.8
2016-08-31 CVE-2016-5679 OS Command Injection vulnerability in multiple products
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
network
low complexity
nuuo netgear CWE-78
8.8
2016-08-31 CVE-2016-5677 Information Exposure vulnerability in multiple products
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
network
low complexity
netgear nuuo CWE-200
7.5
2016-08-31 CVE-2016-5676 Improper Authorization vulnerability in multiple products
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
network
low complexity
netgear nuuo CWE-285
7.5
2016-08-31 CVE-2016-5675 Improper Input Validation vulnerability in multiple products
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
network
low complexity
netgear nuuo CWE-20
critical
9.8
2016-08-31 CVE-2016-5674 Improper Input Validation vulnerability in multiple products
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
network
low complexity
netgear nuuo CWE-20
critical
9.8