Back to KEVs

CVE-2016-5674

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1...

Basic Information

CVE State
PUBLISHED
Reserved Date
June 16, 2016
Published Date
August 31, 2016
Last Updated
August 06, 2024
Vendor
NUUO, NETGEAR
Product
NVRmini 2, NVRsolo, ReadyNAS Surveillance
Description
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
Tags
php nuclei_scanner edge metasploit_scanner

CVSS Scores

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

Score
89.38% (Percentile: 99.51%) as of 2025-05-25

Exploit Status

Exploited in the Wild
Yes (2025-04-27 00:00:00 UTC) Source

References

http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://www.exploit-db.com/exploits/40200/

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-27 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nuuo_nvrmini_unauth_rce.rb 2025-04-29 11:01:14 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-5674.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

nuuo_nvrmini_unauth_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2016-5674

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel

  • Detected by Metasploit