Search

Find a vulnerability

Search criteria

    5 vulnerabilities found for nvrmini2 by nuuo

    VAR-202201-2026

    Vulnerability from variot - Updated: 2025-11-18 15:22

    NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. NUUO NVRmini2 There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NUUO NVRMini2 is a small network hard disk video recorder device from Taiwan NUUO company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202201-2026",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvrmini2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nuuo",
            "version": "3.11.0"
          },
          {
            "model": "nvrmini 2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nuuo",
            "version": null
          },
          {
            "model": "nvrmini 2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nuuo",
            "version": "nuuo nvrmini 2  firmware  3.11  to"
          },
          {
            "model": "nvrmini2",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "03.11.0000.0005"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "cve": "CVE-2022-23227",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2022-23227",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2022-70105",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23227",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23227",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23227",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-23227",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23227",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-70105",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202201-1329",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23227",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. NUUO NVRmini2 There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NUUO NVRMini2 is a small network hard disk video recorder device from Taiwan NUUO company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23227",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "id": "VAR-202201-2026",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          }
        ],
        "trust": 1.198015885
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:22:13.577000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.nuuo.com/"
          },
          {
            "title": "Patch for NUUO NVRmini2 Authorization Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/358241"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device"
          },
          {
            "trust": 2.5,
            "url": "https://github.com/pedrib/poc/blob/master/advisories/nuuo/nuuo_nvrmini_round2.mkd"
          },
          {
            "trust": 2.5,
            "url": "https://github.com/rapid7/metasploit-framework/pull/16044"
          },
          {
            "trust": 1.7,
            "url": "https://news.ycombinator.com/item?id=29936569"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23227"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-23227"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "date": "2022-01-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "date": "2022-01-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          },
          {
            "date": "2023-02-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "date": "2022-01-14T18:15:10.303000",
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-70105"
          },
          {
            "date": "2022-01-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23227"
          },
          {
            "date": "2022-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          },
          {
            "date": "2023-02-15T07:43:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          },
          {
            "date": "2025-11-07T19:02:45.277000",
            "db": "NVD",
            "id": "CVE-2022-23227"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO\u00a0NVRmini2\u00a0 Vulnerability regarding lack of authentication for critical features in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003358"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202201-1329"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-1058

    Vulnerability from variot - Updated: 2025-01-30 20:05

    NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. NUUO NVRmini2 Network Video Recorder The firmware contains a buffer error vulnerability and an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRMini2 is a small network DVR device from NUUO. There is a security vulnerability in NUUO NVRmini2 with firmware version 3.9.1 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-1058",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvrmini2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nuuo",
            "version": "3.9.1"
          },
          {
            "model": "nvrmini 2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nuuo",
            "version": "3.9.1"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "3.9.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          }
        ]
      },
      "cve": "CVE-2018-19864",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19864",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-130566",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19864",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19864",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19864",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-188",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-130566",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-19864",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. NUUO NVRmini2 Network Video Recorder The firmware contains a buffer error vulnerability and an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRMini2 is a small network DVR device from NUUO. There is a security vulnerability in NUUO NVRmini2 with firmware version 3.9.1 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-130566",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46960",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19864",
            "trust": 2.7
          },
          {
            "db": "PACKETSTORM",
            "id": "153162",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188",
            "trust": 0.7
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-130566",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "46960",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "id": "VAR-201812-1058",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          }
        ],
        "trust": 0.7980158850000001
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "camera device"
            ],
            "sub_category": "video camera",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          }
        ]
      },
      "last_update_date": "2025-01-30T20:05:36.463000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "NUUO NVRMini 2",
            "trust": 0.8,
            "url": "https://www.nuuo.com/DownloadMainpage.php"
          },
          {
            "title": "CVE-2018-19864",
            "trust": 0.1,
            "url": "https://github.com/NotEth1calHack3r/CVE-2018-19864 "
          },
          {
            "title": "CVE-POC",
            "trust": 0.1,
            "url": "https://github.com/0xT11/CVE-POC "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/nomi-sec/PoC-in-GitHub "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure/"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/153162/nuuo-nvrmini-2-3.9.1-stack-overflow.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.nuuo.com/downloadmainpage.php"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19864"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19864"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/noteth1calhack3r/cve-2018-19864"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/46960"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/nomi-sec/poc-in-github"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "date": "2018-12-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "date": "2019-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "date": "2018-12-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "date": "2018-12-05T11:29:05.937000",
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-130566"
          },
          {
            "date": "2019-06-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-19864"
          },
          {
            "date": "2019-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          },
          {
            "date": "2019-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          },
          {
            "date": "2024-11-21T03:58:42.880000",
            "db": "NVD",
            "id": "CVE-2018-19864"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRmini2 Network Video Recorder Firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012533"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-188"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0051

    Vulnerability from variot - Updated: 2024-11-23 22:48

    NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRmini Products are prone to an remote command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. NOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability). NUUO NVRMini2 is a small network DVR device from NUUO

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0051",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "nuuo",
            "version": "3.9.1"
          },
          {
            "model": "nvrmini 2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nuuo",
            "version": "3.9.1"
          },
          {
            "model": "nvrsolo plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.10"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.10"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.10"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "106059"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-15716",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-15716",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-126003",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-15716",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-15716",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-15716",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-004",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-126003",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-15716",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRmini Products are prone to an remote command-injection vulnerability. \nAn attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. \nNOTE: This issue is the result of an incomplete fix for the issue  described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability). NUUO NVRMini2 is a small network DVR device from NUUO",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "BID",
            "id": "106059"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15716"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-126003",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TENABLE",
            "id": "TRA-2018-41",
            "trust": 2.9
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "106059",
            "trust": 2.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45948",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "150624",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97703",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-126003",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15716",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "db": "BID",
            "id": "106059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "id": "VAR-201811-0051",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          }
        ],
        "trust": 0.698015885
      },
      "last_update_date": "2024-11-23T22:48:32.714000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.nuuo.com/"
          },
          {
            "title": "NUUO NVRMini2 Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87340"
          },
          {
            "title": "Check Point Security Alerts: NUUO NVRMini Command Injection (CVE-2018-14933; CVE-2018-15716)",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=2b0f048b5c4fc953f301d53a3560d6aa"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "https://www.tenable.com/security/research/tra-2018-41"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/106059"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/45948/"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15716"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15716"
          },
          {
            "trust": 0.3,
            "url": "https://www.nuuo.com"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_1149"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/tenable/poc/blob/master/nuuo/nvrmini2/cve_2018_15716/poc_nuuo_upgrade_handle.py"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://packetstormsecurity.com/files/150624/nuuo-nvrmini2-3.9.1-command-injection.html"
          },
          {
            "trust": 0.1,
            "url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2018-2636.html"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "db": "BID",
            "id": "106059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "db": "BID",
            "id": "106059"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "date": "2018-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "date": "2018-11-30T00:00:00",
            "db": "BID",
            "id": "106059"
          },
          {
            "date": "2019-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "date": "2018-12-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "date": "2018-11-30T20:29:00.270000",
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126003"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15716"
          },
          {
            "date": "2018-11-30T00:00:00",
            "db": "BID",
            "id": "106059"
          },
          {
            "date": "2019-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          },
          {
            "date": "2024-11-21T03:51:19.900000",
            "db": "NVD",
            "id": "CVE-2018-15716"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRMini2 In  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012507"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-004"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201809-0280

    Vulnerability from variot - Updated: 2024-11-23 22:12

    cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to program logic defects, the length of the HTTP header cookie field was not checked when processing the GET request of /cgi-bin/cgi_system and the sprintf function was used for splicing, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. NVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0280",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvrmini2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nuuo",
            "version": "3.8.0"
          },
          {
            "model": "nvrmini 2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nuuo",
            "version": "3.8.0"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "03.07.0000.0011"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "03.08.0000.0005"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "3.8.0"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.8"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.0"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "2.0"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "1.0"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.8"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.0"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "22.0"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "21.7.5"
          },
          {
            "model": "nvrsolo",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.9.1"
          },
          {
            "model": "nvrmini",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "nvrmini2",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines of Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "105720"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1149",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-1149",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-19317",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "e2fb9481-39ab-11e9-880f-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-121354",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-1149",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1149",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1149",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-19317",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-862",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2fb9481-39ab-11e9-880f-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-121354",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-1149",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to program logic defects, the length of the HTTP header cookie field was not checked when processing the GET request of /cgi-bin/cgi_system and the sprintf function was used for splicing, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. \nNVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1149"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1149",
            "trust": 3.7
          },
          {
            "db": "TENABLE",
            "id": "TRA-2018-25",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "105720",
            "trust": 1.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-284-01",
            "trust": 1.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2FB9481-39AB-11E9-880F-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1149",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "id": "VAR-201809-0280",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          }
        ],
        "trust": 1.498015885
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:21.206000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "NUUO version 3.9.1 Release date_2018.09",
            "trust": 0.8,
            "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
          },
          {
            "title": "NUUO NVRMini 2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84988"
          },
          {
            "title": "Exp101tsArchiv30thers",
            "trust": 0.1,
            "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
          },
          {
            "title": "awesome-cve-poc_qazbnm456",
            "trust": 0.1,
            "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/critical-rce-peekaboo-bug-in-nvr-surveillance-system-poc-available/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.tenable.com/security/research/tra-2018-25"
          },
          {
            "trust": 2.4,
            "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
          },
          {
            "trust": 1.8,
            "url": "https://www.nuuo.com/backend/ckedit/upload/files/nuuo_nvrsolo_v3_9_1_release%20note.pdf"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/105720"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1149"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1149"
          },
          {
            "trust": 0.3,
            "url": "http://www.nuuo.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-19T00:00:00",
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105720"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "date": "2018-09-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "date": "2018-09-19T15:29:06.063000",
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          },
          {
            "date": "2018-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-121354"
          },
          {
            "date": "2018-12-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1149"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105720"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011477"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          },
          {
            "date": "2024-11-21T03:59:17.307000",
            "db": "NVD",
            "id": "CVE-2018-1149"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRMini2 Remote code execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19317"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-862"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201809-0281

    Vulnerability from variot - Updated: 2024-11-23 22:12

    NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. NUUO NVRMini2 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. There is a backdoor vulnerability in NUUO NVRMini2. When the target device file system has a specific file /tmp/moses/, the backdoor will be opened, and any unauthorized user can obtain the user list of the non-admin user and change the password by using the API to implement the takeover of the NVR device. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. NVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in NUUO NVRMini 2 3.8.0 and earlier versions, which is caused by the backdoor in the program

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0281",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvrmini2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nuuo",
            "version": "3.8.0"
          },
          {
            "model": "nvrmini 2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nuuo",
            "version": "3.8.0"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "03.07.0000.0011"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "03.08.0000.0005"
          },
          {
            "model": "nvrmini2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nuuo",
            "version": "3.8.0"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.8"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.0"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "2.0"
          },
          {
            "model": "nvrsolo",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "1.0"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.8"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.0"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "22.0"
          },
          {
            "model": "nvrmini",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "21.7.5"
          },
          {
            "model": "nvrsolo",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "3.9.1"
          },
          {
            "model": "nvrmini",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "nuuo",
            "version": "23.9.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "nvrmini2",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines of Tenable",
        "sources": [
          {
            "db": "BID",
            "id": "105720"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1150",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-1150",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-19318",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2fb9480-39ab-11e9-9752-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-121365",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-1150",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1150",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1150",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-19318",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201809-863",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2fb9480-39ab-11e9-9752-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-121365",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-1150",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO\u0027s NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. NUUO NVRMini2 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. There is a backdoor vulnerability in NUUO NVRMini2. When the target device file system has a specific file /tmp/moses/, the backdoor will be opened, and any unauthorized user can obtain the user list of the non-admin user and change the password by using the API to implement the takeover of the NVR device. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. \nNVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in NUUO NVRMini 2 3.8.0 and earlier versions, which is caused by the backdoor in the program",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1150"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1150",
            "trust": 3.7
          },
          {
            "db": "TENABLE",
            "id": "TRA-2018-25",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "105720",
            "trust": 2.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-284-01",
            "trust": 1.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2FB9480-39AB-11E9-9752-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1150",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "id": "VAR-201809-0281",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          }
        ],
        "trust": 1.498015885
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:21.163000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "NUUO version 3.9.1 Release date_2018.09",
            "trust": 0.8,
            "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
          },
          {
            "title": "NUUO NVRmini 2 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84989"
          },
          {
            "title": "Awesome CVE PoC",
            "trust": 0.1,
            "url": "https://github.com/lnick2023/nicenice "
          },
          {
            "title": "Awesome CVE PoC",
            "trust": 0.1,
            "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
          },
          {
            "title": "Awesome CVE PoC",
            "trust": 0.1,
            "url": "https://github.com/qazbnm456/awesome-cve-poc "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.tenable.com/security/research/tra-2018-25"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/105720"
          },
          {
            "trust": 1.8,
            "url": "https://www.nuuo.com/backend/ckedit/upload/files/nuuo_nvrsolo_v3_9_1_release%20note.pdf"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1150"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1150"
          },
          {
            "trust": 0.6,
            "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
          },
          {
            "trust": 0.3,
            "url": "http://www.nuuo.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/qazbnm456/awesome-cve-poc"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "db": "BID",
            "id": "105720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-19T00:00:00",
            "db": "IVD",
            "id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "date": "2018-09-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105720"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "date": "2018-09-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "date": "2018-09-19T15:29:06.280000",
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-19318"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-121365"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1150"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "BID",
            "id": "105720"
          },
          {
            "date": "2019-01-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          },
          {
            "date": "2024-11-21T03:59:17.417000",
            "db": "NVD",
            "id": "CVE-2018-1150"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NUUO NVRMini2 Vulnerabilities related to security functions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011478"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201809-863"
          }
        ],
        "trust": 0.6
      }
    }