CVE-2018-14933 - NUUO NVRmini Devices OS Command Injection Vulnerability
Project:NUUO
Product:NVRmini Devices
Date Added:2024-12-18Due Date:2025-01-08
Vulnerability Name
NUUO NVRmini Devices OS Command Injection Vulnerability
Description
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Additional Notes
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter%EF%BC%BFNVRmini-2-and-NVRsolo-series.pdf
https://nvd.nist.gov/vuln/detail/CVE-2018-14933