NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability
BID:106059
CVE-2018-15716 |Info
NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability
| Bugtraq ID: | 106059 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-15716 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2018 12:00AM |
| Updated: | Nov 30 2018 12:00AM |
| Credit: | Tenable |
| Vulnerable: |
NUUO NVRsolo Plus 3.10 NUUO NVRsolo 3.10 NUUO NVRmini 2 3.10 |
| Not Vulnerable: | |
Discussion
NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability
NUUO NVRmini Products are prone to an remote command-injection vulnerability.
An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.
NOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability).
NUUO NVRmini Products are prone to an remote command-injection vulnerability.
An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.
NOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability).
Exploit / POC
NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability
The researcher who discovered this issue has created a proof-of-concept to demonstrate the issue. The exploit is otherwise not publicly available.
The researcher who discovered this issue has created a proof-of-concept to demonstrate the issue. The exploit is otherwise not publicly available.
Solution / Fix
NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].