CVE-2018-1150 — Nvrmini2 Firmware vulnerability

6 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.6%

top 29.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nuuo Nvrmini2 Firmware Nuuo Nvrmini2

Timeline

PublishedSep 19

Latest updateMay 13

Description

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDnuuo/nvrmini2_firmware3.8.0

▶CVEListV5nuuo/nuuo_nvrmini2All versions prior to version 3.9.1

🔴Vulnerability Details

GHSA

GHSA-f3q2-v6jc-rpmv: NUUO's NVRMini2 3↗2022-05-13

▶

📋Vendor Advisories

CISA ICS

NUUO NVRmini2 and NVRsolo↗2018-10-11

▶

🕵️Threat Intelligence

Tenable

[R2] Multiple NUUO NVRMini2 Vulnerabilities↗2018-09-17

▶

Tenable

Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder↗2018-09-17

▶

Tenable

Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder↗2018-09-17

▶