CVE-2016-5677 - Vulnerability Details

Vendors	Products
Netgear	Readynas Surveillance
Nuuo	Nvrmini 2 Nvrsolo

Link	Providers
http://www.kb.cert.org/vuls/id/856152
http://www.securityfocus.com/bid/92318
https://www.exploit-db.com/exploits/40200/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-02T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#856152", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/856152"}, {"name": "92318", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92318"}, {"name": "40200", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40200/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-5677", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#856152", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/856152"}, {"name": "92318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92318"}, {"name": "40200", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40200/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:07:59.947Z"}, "title": "CVE Program Container", "references": [{"name": "VU#856152", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/856152"}, {"name": "92318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92318"}, {"name": "40200", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/40200/"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-5677", "datePublished": "2016-08-31T15:00:00", "dateReserved": "2016-06-16T00:00:00", "dateUpdated": "2024-08-06T01:07:59.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-08-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-02T09:57:01 (string)

orgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

shortName : certcc (string)

}

references : [ »

0 : { »

name : VU#856152 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/856152 (string)

}

1 : { »

name : 92318 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/92318 (string)

}

2 : { »

name : 40200 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

]

url : https://www.exploit-db.com/exploits/40200/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@cert.org (string)

ID : CVE-2016-5677 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : VU#856152 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/856152 (string)

}

1 : { »

name : 92318 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/92318 (string)

}

2 : { »

name : 40200 (string)

refsource : EXPLOIT-DB (string)

url : https://www.exploit-db.com/exploits/40200/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:07:59.947Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : VU#856152 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/856152 (string)

}

1 : { »

name : 92318 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/92318 (string)

}

2 : { »

name : 40200 (string)

tags : [ »

0 : exploit (string)

1 : x_refsource_EXPLOIT-DB (string)

2 : x_transferred (string)

]

url : https://www.exploit-db.com/exploits/40200/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

assignerShortName : certcc (string)

cveId : CVE-2016-5677 (string)

datePublished : 2016-08-31T15:00:00 (string)

dateReserved : 2016-06-16T00:00:00 (string)

dateUpdated : 2024-08-06T01:07:59.947Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9350713-FE2D-4E0B-9F8C-DC75D39DBE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA1225D7-C268-4343-9988-7A75416B9860", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B4596B86-FE04-4EF0-B2B0-DEA2F435FF19", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "000CBDBE-2C3C-4502-86A7-C3D098DE3C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "2FA3A6C7-3EB1-466F-A2A4-C221821D1811", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "44FC066D-B18D-4BC3-B43B-AA83EB186C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "D335E352-75D8-4A05-A040-2543B2B016DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "7F373AAC-B792-45AB-B4FE-37FC6A91DE7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "9BD02ABB-65FF-4F08-9C99-69BB03A2AE07", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "949274A8-E85A-4344-A4F2-2E038B877874", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD3D600A-4E84-416C-BAAE-70684DCFD15E", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "825FB36D-A956-4C1A-8347-54847D2A165E", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "786F893A-E3F2-4FC5-A43D-4812CCEF4C9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:*", "matchCriteriaId": "0796B887-E3B9-4A15-99E5-B1853E02D6EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4BBFC870-408C-447D-B36F-0720074BAEF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "67ADE7D2-BEB9-4333-8211-CF8C84E85B25", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "24440F32-559E-407F-BC83-A272DEA20002", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6486CDA6-FEDD-4A3D-8123-0A1C71699FB3", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:*", "matchCriteriaId": "E652B5F9-1A30-4830-A6C3-666998D29225", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C09EB9FB-26CB-4A2D-9113-882D80BC9BBD", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D76A17A-872C-4281-8525-BA9388F181F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0EF7E86B-2D6D-41B2-B676-D963FAF622A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C23EF235-9834-48E7-8B92-AE0EE0F461B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "CE643FA9-EF8E-43A3-8E0C-819EC434040F", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "4347D1E4-E162-462E-9A30-2DF79A0010EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "20B9E362-D36F-49BC-B695-46796662A3F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "51998757-3AAB-40E4-BDAB-B027843F1DBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request."}, {"lang": "es", "value": "NUUO NVRmini 2 1.7.5 hasta la versi\u00f3n 3.0.0, NUUO NVRsolo 1.0.0 hasta la versi\u00f3n 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versi\u00f3n 1.4.1 tienen una contrase\u00f1a codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n __nvr_status___.php."}], "id": "CVE-2016-5677", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-31T15:59:03.640", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/856152"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/92318"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/40200/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/856152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40200/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E9350713-FE2D-4E0B-9F8C-DC75D39DBE94 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : EA1225D7-C268-4343-9988-7A75416B9860 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.2.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : B4596B86-FE04-4EF0-B2B0-DEA2F435FF19 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.3.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 000CBDBE-2C3C-4502-86A7-C3D098DE3C5B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.3.2.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 2FA3A6C7-3EB1-466F-A2A4-C221821D1811 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B7D6B8FE-33D3-4080-BFF4-7EE8E2554CFC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 44FC066D-B18D-4BC3-B43B-AA83EB186C7D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:netgear:readynas_surveillance:1.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : D335E352-75D8-4A05-A040-2543B2B016DF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:nuuo:nvrmini_2:1.7.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F373AAC-B792-45AB-B4FE-37FC6A91DE7B (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:nuuo:nvrmini_2:1.7.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9BD02ABB-65FF-4F08-9C99-69BB03A2AE07 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:nuuo:nvrmini_2:2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 949274A8-E85A-4344-A4F2-2E038B877874 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:nuuo:nvrmini_2:2.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AD3D600A-4E84-416C-BAAE-70684DCFD15E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:nuuo:nvrmini_2:3.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1EA286A6-CCCD-419A-B9DC-10F4B59FF2FB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 825FB36D-A956-4C1A-8347-54847D2A165E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 786F893A-E3F2-4FC5-A43D-4812CCEF4C9F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FD3CF36E-67F3-40B9-A5F2-64B0165CA6C8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.1.0.117:*:*:*:*:*:*:* (string)

matchCriteriaId : 0796B887-E3B9-4A15-99E5-B1853E02D6EA (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BBFC870-408C-447D-B36F-0720074BAEF4 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 67ADE7D2-BEB9-4333-8211-CF8C84E85B25 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 24440F32-559E-407F-BC83-A272DEA20002 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6486CDA6-FEDD-4A3D-8123-0A1C71699FB3 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:1.75:*:*:*:*:*:*:* (string)

matchCriteriaId : E652B5F9-1A30-4830-A6C3-666998D29225 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C09EB9FB-26CB-4A2D-9113-882D80BC9BBD (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1D76A17A-872C-4281-8525-BA9388F181F8 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : DDEC215A-2E41-4CF6-BB86-BC472CDDC9AD (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0EF7E86B-2D6D-41B2-B676-D963FAF622A8 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : C23EF235-9834-48E7-8B92-AE0EE0F461B5 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.3.1.20:*:*:*:*:*:*:* (string)

matchCriteriaId : CE643FA9-EF8E-43A3-8E0C-819EC434040F (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.3.7.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 4347D1E4-E162-462E-9A30-2DF79A0010EA (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.3.7.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 20B9E362-D36F-49BC-B695-46796662A3F0 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:2.3.9.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 51998757-3AAB-40E4-BDAB-B027843F1DBE (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:nuuo:nvrsolo:3.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EBCF388E-9FBD-4A85-9BA6-0DF7C85632EC (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. (string)

}

1 : { »

lang : es (string)

value : NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.0.0 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 tienen una contraseña codificada qwe23622260 para la cuenta nuuoeng, lo que permite a atacantes remotos obtener información sensible a través de una petición __nvr_status___.php. (string)

}

]

id : CVE-2016-5677 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-08-31T15:59:03.640 (string)

references : [ »

0 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/856152 (string)

}

1 : { »

source : cret@cert.org (string)

url : http://www.securityfocus.com/bid/92318 (string)

}

2 : { »

source : cret@cert.org (string)

url : https://www.exploit-db.com/exploits/40200/ (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/856152 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/92318 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.exploit-db.com/exploits/40200/ (string)

}

]

sourceIdentifier : cret@cert.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object