Attack: NUUO NVRmini OS Command Injection Activity 3

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to execute arbitrary code, execute remote commands, and retrieve sensitive information; other attacks may also be possible.

Additional Information

Multiple NUUO and Netgear network products are prone to the following security vulnerabilities:

1. Multiple remote code-execution vulnerabilities exist because the affected products fail to properly validate input. Specifically, the issues exist in the following parameters and scripts: [CVE-2016-5676, CVE-2016-5675, CVE-2016-5674]

  • 'log' parameter in '__debugging_center_utils__.php'
  • 'NTPServer' parameter in 'handle_daylightsaving.php'
  • 'cgi_system'

2. An information-disclosure vulnerability exists that can be accessed using hard-coded credentials. Specifically, the issue exists in the '__nvr_status___.php' script. [CVE-2016-5677]

3. A security-bypass vulnerability exists due to hard-coded credentials. An attacker can exploit this issue to gain root level privileges. [CVE-2016-5678]

4. A command-injection issue exists due to improper validation of user-provided input. Specifically, the issue occurs in the 'sn' parameter of the 'transfer_license' command in the 'cgi_main' script. [CVE-2016-5679]

5. A stack-based buffer-overflow vulnerability exists. Specifically, the issue occurs in the 'sn' parameter of the 'transfer_license' command in the 'cgi_main' script. An attacker can exploit this issue using specially crafted input. [CVE-2016-5680]

Attackers can exploit these issues to execute arbitrary code, execute remote commands, and retrieve sensitive information; other attacks may also be possible.
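
An added example, not Symantec's signature logic or vendor code: a Python scan of web access logs that flags requests reaching the scripts and parameters listed above with values outside a conservative allowlist or of unusual length. The allowlist, the 64-character ceiling, the assumption that the parameters appear in the logged query string, and every sample log line (including the 'cmd=' name and the paths) are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# script -> (parameter, text that must also appear in the query, or None);
# the script, parameter and command names are the ones listed in the advisory.
WATCHED = {
    "__debugging_center_utils__.php": ("log", None),
    "handle_daylightsaving.php": ("NTPServer", None),
    "cgi_main": ("sn", "transfer_license"),
}
SAFE_VALUE = re.compile(r"[A-Za-z0-9._:-]*")  # assumed allowlist for benign values
MAX_LEN = 64                                   # assumed ceiling for a benign value
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in WATCHED:
        return []
    param, required = WATCHED[script]
    if required and required not in parts.query:
        return []
    findings = []
    # parse_qsl percent-decodes values, so encoded metacharacters are seen too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == param and not SAFE_VALUE.fullmatch(value):
            findings.append(f"{script}: unexpected characters in '{param}'")
        if name == param and len(value) > MAX_LEN:
            findings.append(f"{script}: overlong '{param}' ({len(value)} chars)")
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for combined-format access-log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, f) for f in check_request(match.group(1)))
    return hits

# Constructed sample lines: addresses, paths, values and 'cmd=' are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2017:10:00:00 +0000] "GET /handle_daylightsaving.php?NTPServer=pool.ntp.org HTTP/1.1" 200 12',
    '192.0.2.77 - - [01/Jan/2017:10:00:05 +0000] "GET /handle_daylightsaving.php?NTPServer=a%3Bb HTTP/1.1" 200 12',
    '192.0.2.77 - - [01/Jan/2017:10:00:09 +0000] "GET /cgi-bin/cgi_main?cmd=transfer_license&sn=' + "A" * 200 + ' HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2017:10:00:12 +0000] "GET /index.php?log=a%3Bb HTTP/1.1" 200 512',
]
```

Calling `scan(SAMPLE_LOG)` reports the second and third sample lines only. Parameters sent in a POST body do not appear in access logs and need inspection at a proxy or WAF instead.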

Affected

  • Multiple NUUO and Netgear routers.