cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
The cgi_system binary can be called directly and given commands by anyone capable of accessing the web interface. To reset the administrator account password, for example, an unauthenticated attacker can make a request to:
http:///cgi-bin/cgi_system?cmd=loaddefconfig
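Because the request needs no session, any `loaddefconfig` hit in a web access log is worth an alert. The following detection sketch is an added example, not part of the advisory or the vendor's code. It assumes Combined Log Format logs from a reverse proxy or sensor in front of the device; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumption: Combined Log Format, e.g. from a reverse proxy or network
# sensor placed in front of the NVR/NAS web interface.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:13 +0000] "GET /cgi-bin/cgi_system?cmd=loaddefconfig HTTP/1.1" 200 64 "-" "-"
192.0.2.10 - - [01/Jan/2024:10:03:40 +0000] "GET /cgi-bin/cgi_system?cmd=somethingelse HTTP/1.1" 200 64 "-" "-"
203.0.113.5 - - [01/Jan/2024:10:05:02 +0000] "GET /cgi-bin/%63gi_system?x=1&cmd=LoadDefConfig HTTP/1.1" 200 64 "-" "-"
"""

def is_reset_request(target):
    """True if the request target is cgi_system with cmd=loaddefconfig."""
    # Split by hand: urlsplit() would misread a leading '//' as a host.
    path, _, query = target.partition("?")
    # Normalise percent-encoding and duplicate slashes before matching.
    path = re.sub(r"/+", "/", unquote(path))
    if not path.endswith("/cgi-bin/cgi_system"):
        return False
    # parse_qs decodes keys and values; compare case-insensitively so the
    # rule errs on the side of alerting.
    cmds = parse_qs(query, keep_blank_values=True).get("cmd", [])
    return any(c.strip().lower() == "loaddefconfig" for c in cmds)

def find_reset_requests(log_text):
    """Return (source, timestamp, status) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_reset_request(m.group("target")):
            hits.append((m.group("src"), m.group("ts"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for src, ts, status in find_reset_requests(SAMPLE_LOG):
        print(f"ALERT loaddefconfig request from {src} at {ts} (HTTP {status})")
```

Detection does not replace restricting access: since anyone who can reach the web interface can call the binary, the interface should not be reachable from untrusted networks.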