Skip to main content

Nvrmini2 Firmware

4 CVEs product

Monthly

CVE-2018-19864 CRITICAL POC PATCH THREAT Act Now

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Nvrmini2 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.8%
CVE-2018-15716 HIGH POC THREAT This Week

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nvrmini2 Firmware
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.5%
CVE-2018-1150 HIGH POC This Week

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nvrmini2 Firmware
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2018-1149 CRITICAL POC THREAT Act Now

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Nvrmini2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
15.2%
EPSS 25% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +1
NVD Exploit-DB
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nvrmini2 Firmware
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.3
HIGH POC This Week

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nvrmini2 Firmware
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Act Now

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Nvrmini2 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy