CVE-2018-15716
Published 2018-11-30
Priority: P273 high · 8.8 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Tags: ITW, EXPLOIT (exploited in the wild)
EPSS: 18.50% (96.9th percentile)
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nuuo | nuuo_nvrmini2 | — | — |
| nuuo | nvrmini2_firmware | — | — |
Detection & IOCs (extracted from sources)
snort
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"_handle.php?cmd=getupgradinginfo"; fast_pattern; endswith; classtype:attempted-admin; sid:2026982; rev:3; metadata:created_at 2019_02_26, cve CVE_2018_15716, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2020_09_16;)
- Exploitation requires prior authentication: the attacker must supply valid credentials to obtain a session cookie before sending the command injection payload.
- The exploit's primitive bash command parser only supports splitting a command on the first space where the next character is not '-', meaning multi-parameter commands with flags may not be handled correctly by the PoC.
CVSS provenance
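| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |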
Suricata
ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716)
suricata · 2019-02-26 · CVSS 8.8
References
- http://www.securityfocus.com/bid/106059
- https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716
- https://www.exploit-db.com/exploits/45948/
- https://www.tenable.com/security/research/tra-2018-41