Arbitrary PHP Code Execution via NTPServer Parameter in NUUO NVRmini, NUUO NVRsolo, NUUO Crystal, and NETGEAR ReadyNAS Surveillance

CVE-2016-5675 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
