Sep 9, 2016

今日のCVN, NETGEARいろいろ



netgear -- readynas_surveillance
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

 隠しPHPページの、不適切なlogパラメータチェック。
未認証ユーザがroot権限で任意のコード実行
2016-08-31
10.0
CVE-2016-5674
CERT-VN 
netgear -- readynas_surveillance
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.

 当該PHPページのサニタイズ不足。
認証済みユーザがroot権限で任意のコード実行
2016-08-31
10.0
CVE-2016-5675
CERT-VN 
netgear -- readynas_surveillance
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
2016-08-31
9.0
CVE-2016-5679
CERT-VN 
netgear -- readynas_surveillance
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
2016-08-31
9.0
CVE-2016-5680
CERT-VN 


投稿者 時刻:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)