Search Results | AttackerKB

Show filters

Topics 9 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

9 Total Results

Displaying 1-9 of 9

Attacker Value

Unknown

CVE-2016-11056

Disclosure Date: April 28, 2020 (last updated November 28, 2024)

Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2017-18861

Disclosure Date: April 28, 2020 (last updated February 21, 2025)

Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.

Attack Vector: Adjacent Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2017-18378

Disclosure Date: June 11, 2019 (last updated November 27, 2024)

In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

0

Attacker Value

Unknown

CVE-2016-5676

Disclosure Date: August 31, 2016 (last updated November 25, 2024)

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.

0

Attacker Value

Unknown

CVE-2016-5675

Disclosure Date: August 31, 2016 (last updated November 25, 2024)

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.

0

Attacker Value

Unknown

CVE-2016-5680

Disclosure Date: August 31, 2016 (last updated November 25, 2024)

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.

0

Attacker Value

Unknown

CVE-2016-5677

Disclosure Date: August 31, 2016 (last updated November 25, 2024)

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.

0

Attacker Value

Unknown

CVE-2016-5674

Disclosure Date: August 31, 2016 (last updated November 25, 2024)

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

0

Attacker Value

Unknown

CVE-2016-5679

Disclosure Date: August 31, 2016 (last updated November 25, 2024)

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

0