Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nuuo vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14933
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Nuuo Nvrmini Firmware 2016
1 EDB exploit
8.8
CVSSv3
CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
Nuuo Nvrmini2 Firmware 3.9.1
6.1
CVSSv3
CVE-2021-45812
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.
Nuuo Nvrsolo Firmware 3.9.1
9.8
CVSSv3
CVE-2019-9653
NUUO Network Video Recorder Firmware 1.7.x up to and including 3.3.x allows unauthenticated malicious users to execute arbitrary commands via shell metacharacters to handle_load_config.php.
Nuuo Network Video Recorder Firmware
1 Github repository
9.8
CVSSv3
CVE-2022-25521
NUUO v03.11.00 exists to contain access control issue.
Nuuo Network Video Recorder Firmware
9.8
CVSSv3
CVE-2016-6553
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.
Nuuo Nt-4040 Titan Firmware Nt-4040 01.07.0000.0015 1120
NA
CVE-2016-15038
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit ha...
NA
CVE-2024-2995
A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit h...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3