6 matches found
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...
CVE-2022-23227
creationtimestamp| type| source ---|---|--- 2024-12-18 16:16:48+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113674722220637919 2024-12-18 17:55:14+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2928815 2024-12-18 21:10:03+00:00| seen|...
NUUO NVRmini 2 <= 03.11.0000.0016 RCE Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...
CVE-2022-23227
NUUO NVRmini2 devices (up to v3.11) are affected by a Missing Authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users due to handle_import_user.php not requiring authentication. When paired with CVE-2011-5...
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...