Vulnerability Details CVE-2018-14933
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.938
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Ransomware Campaign
Unknown
References
Products affected by CVE-2018-14933
-
cpe:2.3:h:nuuo:nvrmini:-
-
cpe:2.3:o:nuuo:nvrmini_firmware:2016