CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 3CVE-2022-23227
https://notcve.org/view.php?id=CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. NUUO NVRmini2 versiones hasta 3.11, permite a un atacante no autenticado subir un archivo TAR encriptado, que puede ser abusado para añadir usuarios arbitrarios debido a la falta de autenticación del archivo handle_import_user.php. Cuando es combinado con otro fallo (CVE-2011-5325), es posible sobrescribir archivos arbitrarios bajo el root de la web y lograr la ejecución de código como root • https://github.com/pedrib/PoC/blob/master/advisories/NUUO/nuuo_nvrmini_round2.mkd https://github.com/rapid7/metasploit-framework/pull/16044 https://news.ycombinator.com/item?id=29936569 https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 1CVE-2018-19864 – NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
https://notcve.org/view.php?id=CVE-2018-19864
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. NUUO NVRmini2 Network Video Recorder, con firmware hasta la versión 3.9.1, permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (desbordamiento de búfer), lo que resulta en la capacidad de leer los feeds de la cámara o reconfigurar el dispositivo. NUUO NVRMini 2 version 3.9.1 suffers from an sscanf stack overflow vulnerability. • https://www.exploit-db.com/exploits/46960 http://packetstormsecurity.com/files/153162/NUUO-NVRMini-2-3.9.1-Stack-Overflow.html https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure https://www.nuuo.com/DownloadMainpage.php • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 9%CPEs: 5EXPL: 3CVE-2018-15716 – NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
https://notcve.org/view.php?id=CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 3.9.1 es vulnerable a una inyección de comandos remotos autenticada. Un atacante puede enviar peticiones manipuladas a upgrade_handle.php para ejecutar comandos del sistema operativo como root. NUUO NVRMini2 version 3.9.1 suffers from an authenticated command injection vulnerability. • https://www.exploit-db.com/exploits/45948 http://www.securityfocus.com/bid/106059 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716 https://www.tenable.com/security/research/tra-2018-41 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-1150
https://notcve.org/view.php?id=CVE-2018-1150
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. NVRMini2 en versiones 3.8.0 y anteriores de NUUO contiene una puerta trasera que permitiría que un atacante remoto no autenticado controle cuentas de usuario si existe el archivo /tmp/moses. • http://www.securityfocus.com/bid/105720 https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf https://www.tenable.com/security/research/tra-2018-25 •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 2CVE-2018-1149
https://notcve.org/view.php?id=CVE-2018-1149
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. cgi_system en NVRMini2 en versiones 3.8.0 y anteriores de NUUO permite que los atacantes remotos ejecuten código arbitrario mediante peticiones HTTP manipuladas • http://www.securityfocus.com/bid/105720 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2 https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf https://www.tenable.com/security/research/tra-2018-25 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •