CVE-2022-23227NUUO NVRmini2 Devices Missing Authentication Vulnerability

PUBLISHEDvulnerability record
2024-12-18 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2022-23227
Project:
NUUO
Product:
NVRmini2 Devices
Date Added:
2024-12-18
Due Date:
2025-01-08
Last Updated:
June 21, 2025

Vulnerability Name

NUUO NVRmini2 Devices Missing Authentication Vulnerability

Description

NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Additional Notes

Related Weaknesses