cgi_system in NUUO’s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
[
{
"product": "NUUO NVRMini2",
"vendor": "NUUO",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 3.9.1"
}
]
}
]