NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
[
{
"product": "NUUO NVRMini2",
"vendor": "NUUO",
"versions": [
{
"status": "affected",
"version": "3.9.1"
}
]
}
]