- EPSS 52.85%
- Published 14.01.2022 18:15:10
- Last modified 13.03.2025 15:40:29
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325)...
- EPSS 35.13%
- Published 05.12.2018 11:29:05
- Last modified 21.11.2024 03:58:42
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
- EPSS 54.3%
- Published 30.11.2018 20:29:00
- Last modified 21.11.2024 03:51:19
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
- EPSS 16.74%
- Published 19.09.2018 15:29:06
- Last modified 21.11.2024 03:59:17
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVE-2018-1150
- EPSS 0.42%
- Published 19.09.2018 15:29:06
- Last modified 21.11.2024 03:59:17
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.