⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-15716: OS Command Injection in Nvrmini2

Severity: 8.8 HIGH (NVD)
EPSS: 43.8% (top 2.46%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Nov 30 | Latest update May 13

Description

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: nuuo/nuuo_nvrmini2 3.9.1

🔴 Vulnerability Details (1)

GHSA
GHSA-88f8-4pc7-v956: NUUO NVRMini2 version 3 | 2022-05-13

💥 Exploits & PoCs (1)

Exploit-DB
NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection | 2018-12-04

🔍 Detection Rules (1)

Suricata
ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716) | 2019-02-26