CVSS: 10.0EPSS: 44%CPEs: 2EXPL: 2CVE-2018-14933 – NUUO NVRmini - upgrade_handle.php Remote Command Execution
https://notcve.org/view.php?id=CVE-2018-14933
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. upgrade_handle.php en dispositivos NUUO NVRmini permite la ejecución remota de comandos mediante metacaracteres shell en el parámetro uploaddir de un comando writeuploaddir. • https://www.exploit-db.com/exploits/46340 https://www.exploit-db.com/exploits/45070 https://www.berkdusunur.net/2018/11/development-of-metasploit-module-after.html https://www.tenable.com/security/research/tra-2018-41 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 63%CPEs: 2EXPL: 1CVE-2018-11523 – NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-11523
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. upload.php en dispositivos NUUO NVRmini 2 permite la subida de archivos arbitrarios, como .php. • https://www.exploit-db.com/exploits/44794 https://github.com/unh3x/just4cve/issues/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •