Hillstone Networks

RULE（RULE ID：309636）

Rule General Information


Release Date:		2016-08-12

Rule Name:		NUUO NVRmini and NUUO NVRsolo Remote Code Execution Vulnerability -2 (CVE-2016-5674)

Severity:

CVE ID:

Rule Protection Details


Description:		__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

Impact:		An attacker can abtain more privileges which he is not entitled to by exloiting the vulnerability, such as executing arbitrary code, deleting files, viewing sensitive information, changing configurations.

Affected OS:		Solaris, Other Unix, FreeBSD, Linux

Reference:		SecurityFocusBID:92318 http://www.kb.cert.org/vuls/id/856152 ExploitDB:40200

Solutions

No information about possible solutions is published. Please use an alternative product to substitude the affected software.