CVE-2018-19864
NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
NUUO NVRmini2 Network Video Recorder, con firmware hasta la versión 3.9.1, permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (desbordamiento de búfer), lo que resulta en la capacidad de leer los feeds de la cámara o reconfigurar el dispositivo.
NUUO NVRMini 2 version 3.9.1 suffers from an sscanf stack overflow vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-05 CVE Reserved
- 2018-12-05 CVE Published
- 2019-06-04 First Exploit
- 2024-08-05 CVE Updated
- 2024-11-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/153162/NUUO-NVRMini-2-3.9.1-Stack-Overflow.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/46960 | 2019-06-04 |
| URL | Date | SRC |
|---|---|---|
| https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure | 2019-06-04 |
| URL | Date | SRC |
|---|---|---|
| https://www.nuuo.com/DownloadMainpage.php | 2019-06-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nuuo Search vendor "Nuuo" | Nvrmini2 Firmware Search vendor "Nuuo" for product "Nvrmini2 Firmware" | <= 3.9.1 Search vendor "Nuuo" for product "Nvrmini2 Firmware" and version " <= 3.9.1" | - |
Affected
| ||||||