CVE-2022-23227 - NUUO NVRmini2 Devices Missing Authentication Vulnerability
Project:NUUO
Product:NVRmini2 Devices
Date Added:2024-12-18Due Date:2025-01-08
Vulnerability Name
NUUO NVRmini2 Devices Missing Authentication Vulnerability
Description
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Additional Notes
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter_NVRmini-2-and-NVRsolo-series.pdf
https://nvd.nist.gov/vuln/detail/CVE-2022-23227