Readynas Surveillance

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-28	CVE-2017-18861	Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas Surveillance 1.1.45/1.4.315 Certain NETGEAR devices are affected by CSRF. netgear CWE-352	7.9
2020-04-28	CVE-2016-11056	Unspecified vulnerability in Netgear Readynas Surveillance 1.1.1/1.1.13/1.4.13 Certain NETGEAR devices are affected by anonymous root access. network low complexity netgear critical	9.0
2019-06-11	CVE-2017-18378	Command Injection vulnerability in Netgear Readynas Surveillance Firmware In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. network low complexity netgear CWE-77	7.5
2016-08-31	CVE-2016-5680	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command. network low complexity nuuo netgear CWE-119 critical	9.0
2016-08-31	CVE-2016-5679	OS Command Injection vulnerability in multiple products cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. network low complexity nuuo netgear CWE-78 critical	9.0
2016-08-31	CVE-2016-5677	Information Exposure vulnerability in multiple products NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. network low complexity netgear nuuo CWE-200	5.0
2016-08-31	CVE-2016-5676	Improper Authorization vulnerability in multiple products cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. network low complexity netgear nuuo CWE-285	5.0
2016-08-31	CVE-2016-5675	Improper Input Validation vulnerability in multiple products handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. network low complexity netgear nuuo CWE-20 critical	10.0
2016-08-31	CVE-2016-5674	Improper Input Validation vulnerability in multiple products __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. network low complexity netgear nuuo CWE-20 critical	10.0