1 results (0.001 seconds)

CVSS: 9.0EPSS: 9%CPEs: 5EXPL: 3

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 3.9.1 es vulnerable a una inyección de comandos remotos autenticada. Un atacante puede enviar peticiones manipuladas a upgrade_handle.php para ejecutar comandos del sistema operativo como root. NUUO NVRMini2 version 3.9.1 suffers from an authenticated command injection vulnerability. • https://www.exploit-db.com/exploits/45948 http://www.securityfocus.com/bid/106059 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716 https://www.tenable.com/security/research/tra-2018-41 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •