Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nuuo Subscribe
Filtered by product Nvrmini2
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23227 1 Nuuo 2 Nvrmini2, Nvrmini2 Firmware 2022-01-21 10.0 HIGH 9.8 CRITICAL
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CVE-2018-1150 1 Nuuo 2 Nvrmini2, Nvrmini2 Firmware 2019-10-02 7.5 HIGH 7.3 HIGH
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
CVE-2018-1149 1 Nuuo 2 Nvrmini2, Nvrmini2 Firmware 2018-12-07 10.0 HIGH 9.8 CRITICAL
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.