Known Vulnerabilities for products from Nuuo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Nuuo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Nuuo can be found at device.report : Nuuo
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23227 | NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add ... | 9.8 - CRITICAL | 2022-01-14 | 2022-01-21 |
| CVE-2019-9653 | NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via s... | 9.8 - CRITICAL | 2019-05-31 | 2020-08-24 |
| CVE-2018-19864 | NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a deni... | 9.8 - CRITICAL | 2018-12-05 | 2019-06-04 |
| CVE-2018-18982 | NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be use... | 8.8 - HIGH | 2018-11-27 | 2019-10-09 |
| CVE-2018-17936 | NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configu... | 9.8 - CRITICAL | 2018-11-27 | 2019-10-09 |
| CVE-2018-17934 | NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved... | 9.8 - CRITICAL | 2018-11-27 | 2019-10-09 |
| CVE-2018-17894 | NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could all... | 9.8 - CRITICAL | 2018-10-12 | 2019-10-09 |
| CVE-2018-17892 | NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account... | 8.8 - HIGH | 2018-10-12 | 2019-10-09 |
| CVE-2018-17890 | NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which ... | 9.8 - CRITICAL | 2018-10-12 | 2020-09-18 |
| CVE-2018-17888 | NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to ob... | 9.8 - CRITICAL | 2018-10-12 | 2019-10-09 |
| CVE-2018-15716 | NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to... | 8.8 - HIGH | 2018-11-30 | 2019-10-09 |
| CVE-2018-14933 | upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir paramete... | 9.8 - CRITICAL | 2018-08-04 | 2019-10-03 |
| CVE-2018-11523 | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | 9.8 - CRITICAL | 2018-05-29 | 2018-06-29 |
| CVE-2018-1150 | NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user acc... | 7.3 - HIGH | 2018-09-19 | 2019-10-03 |
| CVE-2018-1149 | cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. | 9.8 - CRITICAL | 2018-09-19 | 2018-12-07 |
| CVE-2016-6553 | Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdispl... | 9.8 - CRITICAL | 2018-07-13 | 2019-10-09 |
| CVE-2016-5680 | Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2... | 8.8 - HIGH | 2016-08-31 | 2017-09-03 |
| CVE-2016-5679 | cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated us... | 8.8 - HIGH | 2016-08-31 | 2017-09-03 |
| CVE-2016-5678 | NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote ... | 9.8 - CRITICAL | 2016-08-31 | 2017-09-03 |
| CVE-2016-5677 | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 h... | 7.5 - HIGH | 2016-08-31 | 2017-09-03 |