CVE-2016-5679

Опубликовано: 31 авг. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

Ссылки

http://www.kb.cert.org/vuls/id/856152
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/
http://www.kb.cert.org/vuls/id/856152
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*

cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*

cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*

cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15463

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-qv3w-r93f-fcxc