Arbitrary PHP Code Execution via NTPServer Parameter in NUUO NVRmini, NUUO NVRsolo, NUUO Crystal, and NETGEAR ReadyNAS Surveillance
CVE-2016-5675 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
Learn more about our Cis Benchmark Audit For Server Software.