CVE-2018-1150
Published 2018-09-19
Priority P3 · 48 · high · 7.3 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:L
EPSS: 1.88% (76.8th percentile)
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nuuo | nuuo_nvrmini2 | — | — |
| nuuo | nvrmini2_firmware | <= 3.8.0 | — |
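CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |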
CISA ICS
NUUO NVRmini2 and NVRsolo
cisa_ics·2018-10-11·CVSS 9.8
[CRITICAL] NUUO NVRmini2 and NVRsolo
ICS Advisory
## NUUO NVRmini2 and NVRsolo
Last Revised: October 11, 2018
Alert Code: ICSA-18-284-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: NUUO
- Equipment: NVRmini2, NVRsolo
- Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Nuuo NVRmini2 and
GHSA
GHSA-f3q2-v6jc-rpmv: NUUO's NVRMini2 3
ghsa_unreviewed·2022-05-13
CVE-2018-1150 [HIGH] GHSA-f3q2-v6jc-rpmv: NUUO's NVRMini2 3
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
No detection rules found.
No public exploits indexed.
Tenable
[R2] Multiple NUUO NVRMini2 Vulnerabilities
blogs_tenable·2018-09-17
[R2] Multiple NUUO NVRMini2 Vulnerabilities
Tenable
Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder
blogs_tenable·2018-09-17
Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder
# Tenable Research Advisory: Peekaboo Critical Vulnerability in NUUO Network Video Recorder
Tenable Research
September 17, 2018
Tenable Research has discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to remotely view feeds and tamper with recordings. On September 19, NUUO released version 3.9.1 to address the Peekaboo vulnerability. Affected users are urged to update their NVRMini2 devices as soon as possible. The update can be downloaded from their website here.
Tenable Research discovered two vulnerabilities in NUUO’s Network Video Recorder software. The first is a critical unauthenticated stack buffer overflow and the second
http://www.securityfocus.com/bid/105720
https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf
https://www.tenable.com/security/research/tra-2018-25
Published 2018-09-19