Video surveillance recorders RIDDLED with 0-days

There are multiple Web interface vulnerabilities in a network video recorder under Netgear’s ReadyNAS brand and various devices by video recording company NUUO.

The affected NUUO units are NVRmini 2, NVRsolo, and Crystal.

The CERT advisory lists six Common Vulnerabilities and Exposures (CVE) notices attacked to the affected products, ranging from input validation issues to buffer overruns. Under CVE-2016-5674, there’s a hidden page in the Web management interface that looks like someone wrote it while the product was under development, and forgot to take it out.


Read more: Video surveillance recorders RIDDLED with 0-days

Story added 8. August 2016, content source with full text you can find at link above.