CVE-2022-23227—NUUO NVRmini2 Devices Missing Authentication Vulnerability
PUBLISHEDvulnerability record
2024-12-18 · last modified June 21, 2025
Metadata
Vulnerability Name
NUUO NVRmini2 Devices Missing Authentication Vulnerability
Description
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
Known To Be Used in Ransomware Campaigns?
Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.