Shodan
Vulnerabilities
Vulnerable Software
Nuuo:  Security Vulnerabilities
CVE-2018-17888
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
CVSS Score
9.8
EPSS Score
0.419
Published
2018-10-12
CVE-2018-17890
NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-10-12
CVE-2018-17892
NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.
CVSS Score
8.8
EPSS Score
0.04
Published
2018-10-12
CVE-2018-17894
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-10-12
CVE-2018-1149
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVSS Score
9.8
EPSS Score
0.167
Published
2018-09-19
CVE-2018-1150
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
CVSS Score
7.3
EPSS Score
0.005
Published
2018-09-19
CVE-2018-14933
Known exploited
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS Score
9.8
EPSS Score
0.938
Published
2018-08-04
CVE-2016-6553
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-07-13
CVE-2018-11523
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
CVSS Score
9.8
EPSS Score
0.221
Published
2018-05-29
CVE-2016-5680
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
CVSS Score
8.8
EPSS Score
0.333
Published
2016-08-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved