71 matches found
EUVD-2016-2103
Malware in sbrugna...
NUUO NVRmini2 Devices Missing Authentication Vulnerability
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...
CVE-2016-15038
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed ...
CVE-2016-15038 NUUO NVRmini 2 deletefile.php path traversal
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed ...
CVE-2016-15038 NUUO NVRmini 2 deletefile.php path traversal
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed ...
NUUO NVRmini 2 <= 03.11.0000.0016 RCE Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NUUO NVRmini 2 Remote Code Execution
A remote code execution vulnerability exists in NUUO NVRmini 2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VulnCheck KEV: CVE-2016-5679
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
NUUO NVRMini 2 3.9.1 - sscanf Stack Overflow
NUUO NVRMini 2 3.9.1 - sscanf Stack Overflow !/usr/bin/python Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow Google Dork: n/a Date: Advisory Published: Nov 18 Exploit Author: @0x00string Vendor Homepage: nuuo.com Software Link: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9....
NUUO NVR Unauthenticated Remote Code Execution
Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...
NUUO NVR Unauthenticated Remote Code Execution
Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...
NUUO NVRmini 2 < 3.10.0 Remote Stack Overflow Vulnerability
NUUO NVRmini 2 devices are prone to an unauthenticated remote stack overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
NUUO NVRmini 2 < 3.9.1 File Upload Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a file upload vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nuuo:nuuo";...
CVE-2018-11523
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files...
Default credentials
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files...
CVE-2018-11523
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files...
NUUO NVRmini 2 Arbitrary File Upload Vulnerability
The NUUO NVRmini 2 is a video storage management device from NUUO USA. A security vulnerability exists in the upload.php file in the NUUO NVRmini 2. An attacker can exploit this vulnerability to upload arbitrary files e.g., .php files...
CVE-2016-5680
Stack-based buffer overflow in cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transferlicense command...
CVE-2016-5677
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an nvrstatus.php request...
CVE-2016-5676
cgi-bin/cgisystem in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action...