Exploit for #VU16228 OS command injection in NUUO NVRmini 2

Exploit for #VU16228 OS command injection in NUUO NVRmini 2

Published: 2020-03-18

Vulnerability identifier: #VU16228

Vulnerability risk: High

CVSSv3.1: 9.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C]

CVE-ID: CVE-2018-14933

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 1

March 18, 2020
- NUUO NVRmini upgrade_handle.php Remote Command Execution [Metasploit]

Impact: Code execution

Vulnerable software:
NUUO NVRmini 2
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: NUUO Inc.