59 matches found
CVE-2018-19864
NUUO NVRmini2 (NVRMini 2) devices running firmware up to 3.9.1 are affected by a remote, unauthenticated stack overflow due to an sscanf vulnerability in the NVRMini 2 3.9.1 stack frame handling. The flaw allows remote attackers to trigger a buffer overflow, potentially enabling arbitrary code ex...
NUUO NVRMini2 3.9.1 Command Injection
Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...
NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE :...
NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit
Exploit for php platform in category web applications Exploit Title: NUUO NVRMini2 Authenticated Command Injection Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...
NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...
NUUO NVRMini2 Authenticated Command Injection
The version of NUUO NVRMini2 installed on the remote host is affected by authenticated remote command injection vulnerability. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root. C Tenable Network Security, Inc. include'compat.inc'; if description...
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...
Command injection
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to an authenticated command injection via upgrade_handle.php, allowing OS command execution as root. Exploitation details and PoCs are present in multiple sources (PacketStorm, Exploit-DB; authenticated flow shown). The advisory recommends upgrading to ve...
NUUO NVRmini2 and NVRsolo
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...
NUUO NVRMini2 Remote Code Execution (CVE-2018-1149)
A buffer overflow vulnerability exists in the HTTP interface of NUUO's NVRMini2 Network Video Recording systems. A remote unauthenticated attacker may use this vulnerability to execute arbitrary code on the vulnerable server...
CVE-2018-1149
cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...
CVE-2018-1150
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...
CVE-2018-1150
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...
CVE-2018-1149
cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...
Input validation
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...
CVE-2018-1149
CVE-2018-1149 affects NUUO NVRMini2 (and NVRSolo per ICS advisory) with firmware up to 3.8.0. A stack-based buffer overflow in the HTTP CGI interface (cgi_system) allows remote, unauthenticated code execution via crafted HTTP requests (cookie header causing overflow). Also documented is CVE-2018-...
CVE-2018-1150
CVE-2018-1150 affects NUUO NVRMini2 (all versions