Known Vulnerabilities for products from Nuuo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nuuo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Nuuo can be found at device.report : Nuuo
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-33119 json | NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability ... | 6.1 - MEDIUM | 2022-06-21 | 2022-06-29 |
| CVE-2022-25521 json | NUUO v03.11.00 was discovered to contain access control issue. | 9.8 - CRITICAL | 2022-03-29 | 2023-11-07 |
| CVE-2022-23227 json | NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add ... | 9.8 - CRITICAL | 2022-01-14 | 2022-01-21 |
| CVE-2021-45812 json | NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal th... | 6.1 - MEDIUM | 2021-12-28 | 2022-01-07 |
| CVE-2019-9653 json | NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via s... | 9.8 - CRITICAL | 2019-05-31 | 2020-08-24 |
| CVE-2018-19864 json | NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a deni... | 9.8 - CRITICAL | 2018-12-05 | 2019-06-04 |
| CVE-2018-18982 json | NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be use... | 8.8 - HIGH | 2018-11-27 | 2019-10-09 |
| CVE-2018-17936 json | NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configu... | 9.8 - CRITICAL | 2018-11-27 | 2019-10-09 |
| CVE-2018-17934 json | NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved... | 9.8 - CRITICAL | 2018-11-27 | 2019-10-09 |
| CVE-2018-17894 json | NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could all... | 9.8 - CRITICAL | 2018-10-12 | 2019-10-09 |
| CVE-2018-17892 json | NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account... | 8.8 - HIGH | 2018-10-12 | 2019-10-09 |
| CVE-2018-17890 json | NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which ... | 9.8 - CRITICAL | 2018-10-12 | 2020-09-18 |
| CVE-2018-17888 json | NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to ob... | 9.8 - CRITICAL | 2018-10-12 | 2019-10-09 |
| CVE-2018-15716 json | NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to... | 8.8 - HIGH | 2018-11-30 | 2019-10-09 |
| CVE-2018-14933 json | upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir paramete... | 9.8 - CRITICAL | 2018-08-04 | 2019-10-03 |
| CVE-2018-11523 json | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | 9.8 - CRITICAL | 2018-05-29 | 2018-06-29 |
| CVE-2018-1150 json | NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user acc... | 7.3 - HIGH | 2018-09-19 | 2019-10-03 |
| CVE-2018-1149 json | cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. | 9.8 - CRITICAL | 2018-09-19 | 2018-12-07 |
| CVE-2016-6553 json | Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdispl... | 9.8 - CRITICAL | 2018-07-13 | 2019-10-09 |
| CVE-2016-5680 json | Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2... | 8.8 - HIGH | 2016-08-31 | 2017-09-03 |