Nuuo: Security Vulnerabilities
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.
CVSS Score
6.1
EPSS Score
0.02
Published
2022-06-21
NUUO v03.11.00 was discovered to contain access control issue.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-03-29
CVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
Known exploited
CVSS Score
9.8
EPSS Score
0.529
Published
2022-01-14
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-28
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
CVSS Score
9.8
EPSS Score
0.86
Published
2019-05-31
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
CVSS Score
9.8
EPSS Score
0.355
Published
2018-12-05
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
CVSS Score
8.8
EPSS Score
0.608
Published
2018-11-30
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.678
Published
2018-11-27
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
CVSS Score
9.8
EPSS Score
0.672
Published
2018-11-27
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.668
Published
2018-11-27
Page 1