Filtered by vendor Nuuo
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-11523 | 1 Nuuo | 2 Nvrmini 2, Nvrmini 2 Firmware | 2024-08-05 | N/A |
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | ||||
CVE-2019-9653 | 1 Nuuo | 2 Network Video Recorder, Network Video Recorder Firmware | 2024-08-04 | N/A |
NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. | ||||
CVE-2021-45812 | 1 Nuuo | 2 Nvrsolo, Nvrsolo Firmware | 2024-08-04 | 6.1 Medium |
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking. | ||||
CVE-2022-33119 | 1 Nuuo | 2 Nvrsolo, Nvrsolo Firmware | 2024-08-03 | 6.1 Medium |
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. | ||||
CVE-2022-25521 | 1 Nuuo | 1 Network Video Recorder Firmware | 2024-08-03 | 9.8 Critical |
NUUO v03.11.00 was discovered to contain access control issue. | ||||
CVE-2022-23227 | 1 Nuuo | 2 Nvrmini2, Nvrmini2 Firmware | 2024-08-03 | 9.8 Critical |
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. |