CVE-2016-5674

EPSS 94.6%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 94.6%KEV nãoPoC públicaNuclei simMetasploit simPatch —

Lifecycle

04 Aug 2016Metasploit module available

05 Aug 2016Public PoC

31 Aug 2016Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/40200/unverified exploitdbwww.exploit-db.com/exploits/40200unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/40200/http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318