CVE-2016-5680

Опубликовано: 31 авг. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

Ссылки

http://www.kb.cert.org/vuls/id/856152
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/
http://www.kb.cert.org/vuls/id/856152
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*

cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*

cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*

cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.33302

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-qjpx-gqc9-mcgx