122 matches found
NUUO NVRmini upgrade_handle.php Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgradehandle.php file. This module requires Metasploit: https://metasploit.com/download Current source:...
NUUO NVRmini upgrade_handle.php Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini upgradehandle.php Remote Command Execution', 'Description' = %q This exploits a vulnerability in the web application of NUUO NVRmini...
NUUO NVR Unauthenticated Remote Code Execution
Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...
NUUO NVR Unauthenticated Remote Code Execution
Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...
NUUO NVRmini upgrade_handle.php Remote Command Execution
This exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgradehandle.php file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
NUUO NVRmini 2 < 3.10.0 Remote Stack Overflow Vulnerability
NUUO NVRmini 2 devices are prone to an unauthenticated remote stack overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
NUUO NVRMini2 Remote Code Execution Vulnerability
NUUO is one of the surveillance solution providers and NUUO NVRMini 2 is the NVR solution with NAS functionality. A remote code execution vulnerability exists in NUUO NVRMini 2. Due to a flaw in program logic, a stack overflow was caused by processing a GET request from /cgi-bin/cgisystem without...
Backdoor Vulnerability in NUUO NVRMini2
NUUO is one of the surveillance solution providers and NUUO NVRMini 2 is the NVR solution with NAS functionality. A backdoor vulnerability exists in NUUO NVRMini 2. When a specific file /tmp/moses/ exists in the file system of the target device, the backdoor will be opened, and any unauthorized...
CVE-2018-14933
upgradehandle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
Command injection
upgradehandle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
CVE-2018-14933
upgradehandle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
CVE-2018-14933
upgradehandle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
CVE-2018-14933
upgradehandle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
CVE-2018-14933
CVE-2018-14933 (NUOO NVRmini) : The vulnerability affects NUUO NVRmini devices via the upgrade_handle.php file. An attacker can inject shell metacharacters in the uploaddir parameter of a writeuploaddir command, leading to unauthenticated remote command execution. This corresponds to a remote cod...
PT-2018-12808 · Nuuo · Nuuo Nvrmini
Name of the Vulnerable Software and Affected Versions: NUUO NVRmini devices affected versions not specified Description: The issue allows for remote command execution via shell metacharacters in the uploaddir parameter for a "writeuploaddir" command in the "upgrade handle.php" file on NUUO NVRmin...
CVE-2018-14933
upgradehandle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
NUUO NVRmini - upgrade_handle.php Remote Command Execution Vulnerability
Exploit for hardware platform in category web applications Exploit Title: NUUO NVR Unauthenticated Remote Code Execution Exploit Author: Berk Dusunur Vendor Homepage: http://www.nuuo.com/ Software Link: http://www.nuuo.com/ Affected Version: v2016 Tested on: Parrot OS CVE : N/A Proof Of Concept G...
NUUO NVRmini - upgrade_handle.php Remote Command Execution
NUUO NVRmini - upgradehandle.php Remote Command Execution Exploit Title: NUUO NVR Unauthenticated Remote Code Execution Exploit Author: Berk Dusunur Google Dork: N/A Date: 2018-07-21 Vendor Homepage: http://www.nuuo.com/ Software Link: http://www.nuuo.com/ Affected Version: v2016 Tested on: Parro...
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Exploit Title: NUUO NVR Unauthenticated Remote Code Execution Exploit Author: Berk Dusunur Google Dork: N/A Date: 2018-07-21 Vendor Homepage: http://www.nuuo.com/ Software Link: http://www.nuuo.com/ Affected Version: v2016 Tested on: Parrot OS CVE : N/A Proof Of Concept GET...
NUUO NVRmini 2 < 3.9.1 File Upload Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a file upload vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nuuo:nuuo";...