CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 3CVE-2022-23227
https://notcve.org/view.php?id=CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. NUUO NVRmini2 versiones hasta 3.11, permite a un atacante no autenticado subir un archivo TAR encriptado, que puede ser abusado para añadir usuarios arbitrarios debido a la falta de autenticación del archivo handle_import_user.php. Cuando es combinado con otro fallo (CVE-2011-5325), es posible sobrescribir archivos arbitrarios bajo el root de la web y lograr la ejecución de código como root • https://github.com/pedrib/PoC/blob/master/advisories/NUUO/nuuo_nvrmini_round2.mkd https://github.com/rapid7/metasploit-framework/pull/16044 https://news.ycombinator.com/item?id=29936569 https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 1CVE-2018-19864 – NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
https://notcve.org/view.php?id=CVE-2018-19864
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. NUUO NVRmini2 Network Video Recorder, con firmware hasta la versión 3.9.1, permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (desbordamiento de búfer), lo que resulta en la capacidad de leer los feeds de la cámara o reconfigurar el dispositivo. NUUO NVRMini 2 version 3.9.1 suffers from an sscanf stack overflow vulnerability. • https://www.exploit-db.com/exploits/46960 http://packetstormsecurity.com/files/153162/NUUO-NVRMini-2-3.9.1-Stack-Overflow.html https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure https://www.nuuo.com/DownloadMainpage.php • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 9%CPEs: 5EXPL: 3CVE-2018-15716 – NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
https://notcve.org/view.php?id=CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 3.9.1 es vulnerable a una inyección de comandos remotos autenticada. Un atacante puede enviar peticiones manipuladas a upgrade_handle.php para ejecutar comandos del sistema operativo como root. NUUO NVRMini2 version 3.9.1 suffers from an authenticated command injection vulnerability. • https://www.exploit-db.com/exploits/45948 http://www.securityfocus.com/bid/106059 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716 https://www.tenable.com/security/research/tra-2018-41 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •