Backdoor in NUUO NVRmini 2

#VU14815 Backdoor in NUUO NVRmini 2

Published: 2018-09-20

Vulnerability identifier: #VU14815

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-1150

CWE-ID: CWE-732

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
NUUO NVRmini 2
Server applications / Conferencing, Collaboration and VoIP solutions

Vendor: NUUO Inc.

Description

The vulnerability allows a remote attacker to gain full access to the affected system.

The vulnerability exists due to presence of backdoor in the source code. A remote unauthenticated attacker can take over user accounts if "/tmp/moses" file is present on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

NUUO NVRmini 2: 3.0.0.63 - 3.8.0

External links
http://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf
http://www.tenable.com/security/research/tra-2018-25

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Multiple vulnerabilities in NUUO NVRMini2