Filtered by vendor Nuuo Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-11523 1 Nuuo 2 Nvrmini 2, Nvrmini 2 Firmware 2024-08-05 N/A
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
CVE-2019-9653 1 Nuuo 2 Network Video Recorder, Network Video Recorder Firmware 2024-08-04 N/A
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php.
CVE-2021-45812 1 Nuuo 2 Nvrsolo, Nvrsolo Firmware 2024-08-04 6.1 Medium
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.
CVE-2022-33119 1 Nuuo 2 Nvrsolo, Nvrsolo Firmware 2024-08-03 6.1 Medium
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.
CVE-2022-25521 1 Nuuo 1 Network Video Recorder Firmware 2024-08-03 9.8 Critical
NUUO v03.11.00 was discovered to contain access control issue.
CVE-2022-23227 1 Nuuo 2 Nvrmini2, Nvrmini2 Firmware 2024-08-03 9.8 Critical
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.