Search criteria
5 vulnerabilities found for nvrmini2 by nuuo
VAR-202201-2026
Vulnerability from variot - Updated: 2025-11-18 15:22NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. NUUO NVRmini2 There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NUUO NVRMini2 is a small network hard disk video recorder device from Taiwan NUUO company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-2026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvrmini2",
"scope": "lte",
"trust": 1.0,
"vendor": "nuuo",
"version": "3.11.0"
},
{
"model": "nvrmini 2",
"scope": "eq",
"trust": 0.8,
"vendor": "nuuo",
"version": null
},
{
"model": "nvrmini 2",
"scope": "eq",
"trust": 0.8,
"vendor": "nuuo",
"version": "nuuo nvrmini 2 firmware 3.11 to"
},
{
"model": "nvrmini2",
"scope": "lt",
"trust": 0.6,
"vendor": "nuuo",
"version": "03.11.0000.0005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"cve": "CVE-2022-23227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-23227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-70105",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-23227",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-23227",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23227",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-23227",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-23227",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-70105",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1329",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-23227",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. NUUO NVRmini2 There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NUUO NVRMini2 is a small network hard disk video recorder device from Taiwan NUUO company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23227"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "VULMON",
"id": "CVE-2022-23227"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23227",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-70105",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1329",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23227",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"id": "VAR-202201-2026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
}
],
"trust": 1.198015885
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
}
]
},
"last_update_date": "2025-11-18T15:22:13.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.nuuo.com/"
},
{
"title": "Patch for NUUO NVRmini2 Authorization Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/358241"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device"
},
{
"trust": 2.5,
"url": "https://github.com/pedrib/poc/blob/master/advisories/nuuo/nuuo_nvrmini_round2.mkd"
},
{
"trust": 2.5,
"url": "https://github.com/rapid7/metasploit-framework/pull/16044"
},
{
"trust": 1.7,
"url": "https://news.ycombinator.com/item?id=29936569"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23227"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-23227"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"date": "2022-01-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"date": "2022-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1329"
},
{
"date": "2023-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"date": "2022-01-14T18:15:10.303000",
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-70105"
},
{
"date": "2022-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23227"
},
{
"date": "2022-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1329"
},
{
"date": "2023-02-15T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-003358"
},
{
"date": "2025-11-07T19:02:45.277000",
"db": "NVD",
"id": "CVE-2022-23227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO\u00a0NVRmini2\u00a0 Vulnerability regarding lack of authentication for critical features in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003358"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1329"
}
],
"trust": 0.6
}
}
VAR-201812-1058
Vulnerability from variot - Updated: 2025-01-30 20:05NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. NUUO NVRmini2 Network Video Recorder The firmware contains a buffer error vulnerability and an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRMini2 is a small network DVR device from NUUO. There is a security vulnerability in NUUO NVRmini2 with firmware version 3.9.1 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-1058",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvrmini2",
"scope": "lte",
"trust": 1.0,
"vendor": "nuuo",
"version": "3.9.1"
},
{
"model": "nvrmini 2",
"scope": "lte",
"trust": 0.8,
"vendor": "nuuo",
"version": "3.9.1"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "3.9.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
}
]
},
"cve": "CVE-2018-19864",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-19864",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-130566",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-19864",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19864",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-19864",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-188",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-130566",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-19864",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. NUUO NVRmini2 Network Video Recorder The firmware contains a buffer error vulnerability and an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRMini2 is a small network DVR device from NUUO. There is a security vulnerability in NUUO NVRmini2 with firmware version 3.9.1 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "VULMON",
"id": "CVE-2018-19864"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-130566",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46960",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "VULMON",
"id": "CVE-2018-19864"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19864",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "153162",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-188",
"trust": 0.7
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-130566",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "46960",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-19864",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"id": "VAR-201812-1058",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-130566"
}
],
"trust": 0.7980158850000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"camera device"
],
"sub_category": "video camera",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:05:36.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NUUO NVRMini 2",
"trust": 0.8,
"url": "https://www.nuuo.com/DownloadMainpage.php"
},
{
"title": "CVE-2018-19864",
"trust": 0.1,
"url": "https://github.com/NotEth1calHack3r/CVE-2018-19864 "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure/"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/153162/nuuo-nvrmini-2-3.9.1-stack-overflow.html"
},
{
"trust": 1.8,
"url": "https://www.nuuo.com/downloadmainpage.php"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19864"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19864"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/noteth1calhack3r/cve-2018-19864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/46960"
},
{
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-130566"
},
{
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-130566"
},
{
"date": "2018-12-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"date": "2019-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"date": "2018-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"date": "2018-12-05T11:29:05.937000",
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-04T00:00:00",
"db": "VULHUB",
"id": "VHN-130566"
},
{
"date": "2019-06-04T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19864"
},
{
"date": "2019-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012533"
},
{
"date": "2019-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-188"
},
{
"date": "2024-11-21T03:58:42.880000",
"db": "NVD",
"id": "CVE-2018-19864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRmini2 Network Video Recorder Firmware buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012533"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-188"
}
],
"trust": 0.6
}
}
VAR-201811-0051
Vulnerability from variot - Updated: 2024-11-23 22:48NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRmini Products are prone to an remote command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. NOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability). NUUO NVRMini2 is a small network DVR device from NUUO
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvrmini2",
"scope": "eq",
"trust": 1.6,
"vendor": "nuuo",
"version": "3.9.1"
},
{
"model": "nvrmini 2",
"scope": "eq",
"trust": 0.8,
"vendor": "nuuo",
"version": "3.9.1"
},
{
"model": "nvrsolo plus",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.10"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.10"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.10"
}
],
"sources": [
{
"db": "BID",
"id": "106059"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable",
"sources": [
{
"db": "BID",
"id": "106059"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-15716",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-126003",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-15716",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15716",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-15716",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-004",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-126003",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15716",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126003"
},
{
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root. NUUO NVRMini2 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRmini Products are prone to an remote command-injection vulnerability. \nAn attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. \nNOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability). NUUO NVRMini2 is a small network DVR device from NUUO",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15716"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "BID",
"id": "106059"
},
{
"db": "VULHUB",
"id": "VHN-126003"
},
{
"db": "VULMON",
"id": "CVE-2018-15716"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-126003",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126003"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TENABLE",
"id": "TRA-2018-41",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2018-15716",
"trust": 2.9
},
{
"db": "BID",
"id": "106059",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "45948",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "150624",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-97703",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-126003",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15716",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126003"
},
{
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"db": "BID",
"id": "106059"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"id": "VAR-201811-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126003"
}
],
"trust": 0.698015885
},
"last_update_date": "2024-11-23T22:48:32.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.nuuo.com/"
},
{
"title": "NUUO NVRMini2 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87340"
},
{
"title": "Check Point Security Alerts: NUUO NVRMini Command Injection (CVE-2018-14933; CVE-2018-15716)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=2b0f048b5c4fc953f301d53a3560d6aa"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126003"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.tenable.com/security/research/tra-2018-41"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/106059"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/45948/"
},
{
"trust": 1.8,
"url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15716"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15716"
},
{
"trust": 0.3,
"url": "https://www.nuuo.com"
},
{
"trust": 0.3,
"url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_1149"
},
{
"trust": 0.3,
"url": "https://github.com/tenable/poc/blob/master/nuuo/nvrmini2/cve_2018_15716/poc_nuuo_upgrade_handle.py"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/150624/nuuo-nvrmini2-3.9.1-command-injection.html"
},
{
"trust": 0.1,
"url": "https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2018-2636.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126003"
},
{
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"db": "BID",
"id": "106059"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126003"
},
{
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"db": "BID",
"id": "106059"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-126003"
},
{
"date": "2018-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"date": "2018-11-30T00:00:00",
"db": "BID",
"id": "106059"
},
{
"date": "2019-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"date": "2018-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"date": "2018-11-30T20:29:00.270000",
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126003"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15716"
},
{
"date": "2018-11-30T00:00:00",
"db": "BID",
"id": "106059"
},
{
"date": "2019-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012507"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-004"
},
{
"date": "2024-11-21T03:51:19.900000",
"db": "NVD",
"id": "CVE-2018-15716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRMini2 In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012507"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-004"
}
],
"trust": 0.6
}
}
VAR-201809-0280
Vulnerability from variot - Updated: 2024-11-23 22:12cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to program logic defects, the length of the HTTP header cookie field was not checked when processing the GET request of /cgi-bin/cgi_system and the sprintf function was used for splicing, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. NVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0280",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvrmini2",
"scope": "lte",
"trust": 1.0,
"vendor": "nuuo",
"version": "3.8.0"
},
{
"model": "nvrmini 2",
"scope": "lte",
"trust": 0.8,
"vendor": "nuuo",
"version": "3.8.0"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "03.07.0000.0011"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "03.08.0000.0005"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "3.8.0"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.8"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.0"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "2.0"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "1.0"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.8"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.0"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "22.0"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "21.7.5"
},
{
"model": "nvrsolo",
"scope": "ne",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.9.1"
},
{
"model": "nvrmini",
"scope": "ne",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nvrmini2",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines of Tenable",
"sources": [
{
"db": "BID",
"id": "105720"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-1149",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19317",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-121354",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-1149",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1149",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-1149",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-19317",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-862",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121354",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1149",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "VULHUB",
"id": "VHN-121354"
},
{
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to program logic defects, the length of the HTTP header cookie field was not checked when processing the GET request of /cgi-bin/cgi_system and the sprintf function was used for splicing, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. \nNVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1149"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121354"
},
{
"db": "VULMON",
"id": "CVE-2018-1149"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1149",
"trust": 3.7
},
{
"db": "TENABLE",
"id": "TRA-2018-25",
"trust": 2.4
},
{
"db": "BID",
"id": "105720",
"trust": 1.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-284-01",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19317",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FB9481-39AB-11E9-880F-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121354",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1149",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "VULHUB",
"id": "VHN-121354"
},
{
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"id": "VAR-201809-0280",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "VULHUB",
"id": "VHN-121354"
}
],
"trust": 1.498015885
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
}
]
},
"last_update_date": "2024-11-23T22:12:21.206000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NUUO version 3.9.1 Release date_2018.09",
"trust": 0.8,
"url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
},
{
"title": "NUUO NVRMini 2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84988"
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/critical-rce-peekaboo-bug-in-nvr-surveillance-system-poc-available/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121354"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.tenable.com/security/research/tra-2018-25"
},
{
"trust": 2.4,
"url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
},
{
"trust": 1.8,
"url": "https://www.nuuo.com/backend/ckedit/upload/files/nuuo_nvrsolo_v3_9_1_release%20note.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/105720"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1149"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1149"
},
{
"trust": 0.3,
"url": "http://www.nuuo.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "VULHUB",
"id": "VHN-121354"
},
{
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"db": "VULHUB",
"id": "VHN-121354"
},
{
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-19T00:00:00",
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"date": "2018-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"date": "2018-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-121354"
},
{
"date": "2018-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"date": "2018-10-11T00:00:00",
"db": "BID",
"id": "105720"
},
{
"date": "2019-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"date": "2018-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"date": "2018-09-19T15:29:06.063000",
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19317"
},
{
"date": "2018-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-121354"
},
{
"date": "2018-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1149"
},
{
"date": "2018-10-11T00:00:00",
"db": "BID",
"id": "105720"
},
{
"date": "2019-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011477"
},
{
"date": "2018-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-862"
},
{
"date": "2024-11-21T03:59:17.307000",
"db": "NVD",
"id": "CVE-2018-1149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRMini2 Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19317"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-862"
}
],
"trust": 0.8
}
}
VAR-201809-0281
Vulnerability from variot - Updated: 2024-11-23 22:12NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. NUUO NVRMini2 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. There is a backdoor vulnerability in NUUO NVRMini2. When the target device file system has a specific file /tmp/moses/, the backdoor will be opened, and any unauthorized user can obtain the user list of the non-admin user and change the password by using the API to implement the takeover of the NVR device. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. NVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in NUUO NVRMini 2 3.8.0 and earlier versions, which is caused by the backdoor in the program
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0281",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvrmini2",
"scope": "lte",
"trust": 1.0,
"vendor": "nuuo",
"version": "3.8.0"
},
{
"model": "nvrmini 2",
"scope": "lte",
"trust": 0.8,
"vendor": "nuuo",
"version": "3.8.0"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "03.07.0000.0011"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "03.08.0000.0005"
},
{
"model": "nvrmini2",
"scope": "eq",
"trust": 0.6,
"vendor": "nuuo",
"version": "3.8.0"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.8"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.0"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "2.0"
},
{
"model": "nvrsolo",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "1.0"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.8"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.0"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "22.0"
},
{
"model": "nvrmini",
"scope": "eq",
"trust": 0.3,
"vendor": "nuuo",
"version": "21.7.5"
},
{
"model": "nvrsolo",
"scope": "ne",
"trust": 0.3,
"vendor": "nuuo",
"version": "3.9.1"
},
{
"model": "nvrmini",
"scope": "ne",
"trust": 0.3,
"vendor": "nuuo",
"version": "23.9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nvrmini2",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines of Tenable",
"sources": [
{
"db": "BID",
"id": "105720"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-1150",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19318",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-121365",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-1150",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1150",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-1150",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-19318",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-863",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121365",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1150",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "VULHUB",
"id": "VHN-121365"
},
{
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO\u0027s NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. NUUO NVRMini2 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. There is a backdoor vulnerability in NUUO NVRMini2. When the target device file system has a specific file /tmp/moses/, the backdoor will be opened, and any unauthorized user can obtain the user list of the non-admin user and change the password by using the API to implement the takeover of the NVR device. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. \nNVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in NUUO NVRMini 2 3.8.0 and earlier versions, which is caused by the backdoor in the program",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121365"
},
{
"db": "VULMON",
"id": "CVE-2018-1150"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1150",
"trust": 3.7
},
{
"db": "TENABLE",
"id": "TRA-2018-25",
"trust": 2.4
},
{
"db": "BID",
"id": "105720",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-18-284-01",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19318",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FB9480-39AB-11E9-9752-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121365",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1150",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "VULHUB",
"id": "VHN-121365"
},
{
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"id": "VAR-201809-0281",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "VULHUB",
"id": "VHN-121365"
}
],
"trust": 1.498015885
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
}
]
},
"last_update_date": "2024-11-23T22:12:21.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NUUO version 3.9.1 Release date_2018.09",
"trust": 0.8,
"url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
},
{
"title": "NUUO NVRmini 2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84989"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121365"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.tenable.com/security/research/tra-2018-25"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/105720"
},
{
"trust": 1.8,
"url": "https://www.nuuo.com/backend/ckedit/upload/files/nuuo_nvrsolo_v3_9_1_release%20note.pdf"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1150"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1150"
},
{
"trust": 0.6,
"url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
},
{
"trust": 0.3,
"url": "http://www.nuuo.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "VULHUB",
"id": "VHN-121365"
},
{
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"db": "VULHUB",
"id": "VHN-121365"
},
{
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"db": "BID",
"id": "105720"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-19T00:00:00",
"db": "IVD",
"id": "e2fb9480-39ab-11e9-9752-000c29342cb1"
},
{
"date": "2018-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"date": "2018-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-121365"
},
{
"date": "2018-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"date": "2018-10-11T00:00:00",
"db": "BID",
"id": "105720"
},
{
"date": "2019-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"date": "2018-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"date": "2018-09-19T15:29:06.280000",
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19318"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-121365"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1150"
},
{
"date": "2018-10-11T00:00:00",
"db": "BID",
"id": "105720"
},
{
"date": "2019-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011478"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-863"
},
{
"date": "2024-11-21T03:59:17.417000",
"db": "NVD",
"id": "CVE-2018-1150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NUUO NVRMini2 Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011478"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-863"
}
],
"trust": 0.6
}
}