Intrusion Prevention

NUUO.Surveillance.Application.Password.Reset

Description

This indicates an attack attempt to exploit an Improper Authorization vulnerability in NUUO and Netgear Network Video Recorder (NVR) products.
The vulnerability is due to a lack of sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to leverage their privileges on vulnerable systems.

Affected Products

NUUO NVRmini 2, firmware v1.7.5 to 3.0.0 (latest version v3.0.0 requires authentication)
NUUO NVRsolo, firmware v1.7.5 to 3.0.0 (latest version v3.0.0 requires authentication)
ReadyNAS Surveillance, v1.1.1 to v1.4.1

Impact

Privilege Escalation: Remote attackers can leverage their privilege on the vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2016-5676