CVE-2022-23227

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

EUVD-2018-11788

Malware in sbrugna...

NUUO NVRmini2 <= 3.11.x Unrestricted Upload RCE

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

VulnCheck KEV: CVE-2022-23227

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users...

NUUO NVRmini2 Command Execution Vulnerability

Founded in 2004, NUUO is one of the world's leading suppliers of surveillance solutions. NUUO's VMS and NVR solutions provide a full spectrum of recording for IP and analog cameras. The NUUO NVRmini2 command execution vulnerability can be exploited by an attacker to execute arbitrary commands wit...

NUUO NVRmini2 Authorization Issues Vulnerability

NUUO NVRMini2 is a small network DVR device from NUUO, Taiwan, China. The NUUO NVRmini2 suffers from an authorization issue vulnerability that can be exploited by attackers to upload encrypted TAR archives...

CVE-2022-23227

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

CVE-2022-23227

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

Design/Logic Flaw

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

CVE-2022-23227

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

CVE-2022-23227

NUUO NVRmini2 devices (up to v3.11) are affected by a Missing Authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users due to handle_import_user.php not requiring authentication. When paired with CVE-2011-5...

CVE-2022-23227

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

CVE-2022-23227

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handleimportuser.php authentication. When combined with another flaw CVE-2011-5325, it is possible to overwrite arbitrary files under...

NUUO NVRmini2访问控制错误漏洞

NUUO NVRMini2 is a small network DVR device from NUUO, Taiwan, China. The NUUO NVRmini2 suffers from an authorization issue vulnerability that can be exploited by attackers to upload encrypted TAR archives...

NUUO NVRMini 2 3.9.1 Stack Overflow

!/usr/bin/python Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow Google Dork: n/a Date: Advisory Published: Nov 18 Exploit Author: @0x00string Vendor Homepage: nuuo.com Software Link: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 and prior Tested on: 3.9.1 CVE :...

NUUO NVRMini 2 3.9.1 - (sscanf) Stack Overflow Exploit

!/usr/bin/python Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow Google Dork: n/a Date: Advisory Published: Nov 18 Exploit Author: @0x00string Vendor Homepage: nuuo.com Software Link: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 and prior Tested on: 3.9.1 CVE :...

NUUO NVRMini 2 3.9.1 - &#039;sscanf&#039; Stack Overflow

!/usr/bin/python Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow Google Dork: n/a Date: Advisory Published: Nov 18 Exploit Author: @0x00string Vendor Homepage: nuuo.com Software Link: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 and prior Tested on: 3.9.1 CVE :...

CVE-2018-19864

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow, resulting in ability to read camera feeds or reconfigure the device...

Buffer overflow

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow, resulting in ability to read camera feeds or reconfigure the device...

CVE-2018-19864

NUUO NVRmini2 (NVRMini 2) devices running firmware up to 3.9.1 are affected by a remote, unauthenticated stack overflow due to an sscanf vulnerability in the NVRMini 2 3.9.1 stack frame handling. The flaw allows remote attackers to trigger a buffer overflow, potentially enabling arbitrary code ex...