Lucene search
+L

59 matches found

cve
cve
added 2018/12/05 11:0 a.m.106 views

CVE-2018-19864

NUUO NVRmini2 (NVRMini 2) devices running firmware up to 3.9.1 are affected by a remote, unauthenticated stack overflow due to an sscanf vulnerability in the NVRMini 2 3.9.1 stack frame handling. The flaw allows remote attackers to trigger a buffer overflow, potentially enabling arbitrary code ex...

10CVSS9.6AI score0.24808EPSS
Exploits4References3Affected Software1
packetstorm
packetstorm
added 2018/12/05 12:0 a.m.44 views

NUUO NVRMini2 3.9.1 Command Injection

Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...

8.8AI score0.18498EPSS
Exploits5
exploitpack
exploitpack
added 2018/12/04 12:0 a.m.70 views

NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection

NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE :...

9CVSS0.1AI score0.18498EPSS
Exploits5
zdt
zdt
added 2018/12/04 12:0 a.m.57 views

NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit

Exploit for php platform in category web applications Exploit Title: NUUO NVRMini2 Authenticated Command Injection Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...

0.18498EPSS
Exploits5
exploitdb
exploitdb
added 2018/12/04 12:0 a.m.58 views

NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection

Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...

9CVSS8.8AI score0.18498EPSS
Exploits5
nessus
nessus
added 2018/12/03 12:0 a.m.27 views

NUUO NVRMini2 Authenticated Command Injection

The version of NUUO NVRMini2 installed on the remote host is affected by authenticated remote command injection vulnerability. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root. C Tenable Network Security, Inc. include'compat.inc'; if description...

9CVSS8.3AI score0.18498EPSS
Exploits5References2
nvd
nvd
added 2018/11/30 8:29 p.m.21 views

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

9CVSS9AI score0.18498EPSS
Exploits5References4
osv
osv
added 2018/11/30 8:29 p.m.4 views

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

8.8CVSS5.9AI score0.18498EPSS
Exploits5References4
prion
prion
added 2018/11/30 8:29 p.m.15 views

Command injection

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

9CVSS9AI score0.18498EPSS
Exploits5References4Affected Software1
cvelist
cvelist
added 2018/11/30 8:0 p.m.26 views

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgradehandle.php to execute OS commands as root...

9.1AI score0.18498EPSS
Exploits5References4
cve
cve
added 2018/11/30 8:0 p.m.78 views

CVE-2018-15716

NUUO NVRMini2 version 3.9.1 is vulnerable to an authenticated command injection via upgrade_handle.php, allowing OS command execution as root. Exploitation details and PoCs are present in multiple sources (PacketStorm, Exploit-DB; authenticated flow shown). The advisory recommends upgrading to ve...

9CVSS8.9AI score0.18498EPSS
Exploits5References4Affected Software1
ics
ics
added 2018/10/11 12:0 a.m.512 views

NUUO NVRmini2 and NVRsolo

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...

10CVSS9.6AI score0.15226EPSS
Exploits2References5
checkpoint_advisories
checkpoint_advisories
added 2018/09/20 12:0 a.m.24 views

NUUO NVRMini2 Remote Code Execution (CVE-2018-1149)

A buffer overflow vulnerability exists in the HTTP interface of NUUO's NVRMini2 Network Video Recording systems. A remote unauthenticated attacker may use this vulnerability to execute arbitrary code on the vulnerable server...

10CVSS3.6AI score0.15226EPSS
Exploits1
osv
osv
added 2018/09/19 3:29 p.m.2 views

CVE-2018-1149

cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...

9.8CVSS6.1AI score0.15226EPSS
Exploits1References4
nvd
nvd
added 2018/09/19 3:29 p.m.17 views

CVE-2018-1150

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...

7.5CVSS7.8AI score0.0188EPSS
Exploits1References3
osv
osv
added 2018/09/19 3:29 p.m.6 views

CVE-2018-1150

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...

7.3CVSS5.8AI score0.0188EPSS
Exploits1References3
nvd
nvd
added 2018/09/19 3:29 p.m.15 views

CVE-2018-1149

cgisystem in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests...

10CVSS9.8AI score0.15226EPSS
Exploits1References4
prion
prion
added 2018/09/19 3:29 p.m.10 views

Input validation

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...

7.5CVSS7.7AI score0.0188EPSS
Exploits1References3Affected Software1
cve
cve
added 2018/09/19 3:0 p.m.70 views

CVE-2018-1149

CVE-2018-1149 affects NUUO NVRMini2 (and NVRSolo per ICS advisory) with firmware up to 3.8.0. A stack-based buffer overflow in the HTTP CGI interface (cgi_system) allows remote, unauthenticated code execution via crafted HTTP requests (cookie header causing overflow). Also documented is CVE-2018-...

10CVSS9.7AI score0.15226EPSS
Exploits1References4Affected Software1
cve
cve
added 2018/09/19 3:0 p.m.64 views

CVE-2018-1150

CVE-2018-1150 affects NUUO NVRMini2 (all versions

7.5CVSS7.6AI score0.0188EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder