Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Nuuo Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5678 1 Nuuo 2 Nvrmini 2, Nvrsolo 2017-09-03 10.0 HIGH 9.8 CRITICAL
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
CVE-2016-5680 2 Netgear, Nuuo 2 Readynas Surveillance, Nvrmini 2 2017-09-03 9.0 HIGH 8.8 HIGH
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
CVE-2016-5679 2 Netgear, Nuuo 2 Readynas Surveillance, Nvrmini 2 2017-09-03 9.0 HIGH 8.8 HIGH
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
CVE-2016-5674 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2017-09-03 10.0 HIGH 9.8 CRITICAL
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
CVE-2016-5676 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2017-09-03 5.0 MEDIUM 7.5 HIGH
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
CVE-2016-5677 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2017-09-03 5.0 MEDIUM 7.5 HIGH
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.