NUUO NVRmini Products CVE-2018-15716 Incomplete Fix Remote Command Injection Vulnerability

NUUO NVRmini Products are prone to an remote command-injection vulnerability.

An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.
NOTE: This issue is the result of an incomplete fix for the issue described in BID 106058 (NUUO NVRmini Products CVE-2018-14933 Remote Command Injection Vulnerability).


Bugtraq ID: 106059
Class: Input Validation Error
CVE: CVE-2018-15716

Remote: Yes
Local: No
Published: Nov 30 2018 12:00AM
Updated: Nov 30 2018 12:00AM
Credit: Tenable
Vulnerable: NUUO NVRsolo Plus 3.10
NUUO NVRsolo 3.10
NUUO NVRmini 2 3.10

Not Vulnerable:


The researcher who discovered this issue has created a proof-of-concept to demonstrate the issue. The exploit is otherwise not publicly available.


Related Posts