HTTP: NUUO NVR-MINI Injection Attack

This signature detects attempts to exploit a known vulnerability against NUUO Products. A successful attack can lead to arbitrary code execution.

Extended Description

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

Affected Products

Nuuo nvrsolo

References

BugTraq: 92318

CVE: CVE-2016-5676

Short Name
HTTP:PHP:NUUO-DBGCMD-INJECTION
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Attack CVE-2016-5674 CVE-2016-5675 CVE-2016-5676 CVE-2016-5677 CVE-2016-5679 Injection NUUO NVR-MINI bid:92318
Release Date
08/18/2016
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Nuuo

Netgear

CVSS Score

9.0

10.0

5.0

Found a potential security threat?