Arbitrary Command Execution in NUUO NVRmini 2 and NETGEAR ReadyNAS Surveillance

Arbitrary Command Execution in NUUO NVRmini 2 and NETGEAR ReadyNAS Surveillance

CVE-2016-5679 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.

Learn more about our User Device Pen Test.