The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.
4ba89f6c713b97601f4d0f7f4247df8839c79b72366474692143a9ce61a45d08
NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities.
bf5b9b9d392b13530fe4985e7374bba1178cae9346921dade84d3c31ba0891fc