CVSS: 9.0EPSS: 9%CPEs: 5EXPL: 3CVE-2018-15716 – NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
https://notcve.org/view.php?id=CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 3.9.1 es vulnerable a una inyección de comandos remotos autenticada. Un atacante puede enviar peticiones manipuladas a upgrade_handle.php para ejecutar comandos del sistema operativo como root. NUUO NVRMini2 version 3.9.1 suffers from an authenticated command injection vulnerability. • https://www.exploit-db.com/exploits/45948 http://www.securityfocus.com/bid/106059 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716 https://www.tenable.com/security/research/tra-2018-41 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •