[CVE-2018-14933] NUUO NVRmini Devices OS Command Injection Vulnerability

CISA KEV 정보

취약점명	NUUO NVRmini Devices OS Command Injection Vulnerability
설명	NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
조치사항	The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-78
등록일 (KEV)	2024-12-18
조치 기한	2025-01-08
추가 참고	https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter%EF%BC%BFNVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2018-14933

NVD 상세 정보

CVSS v3.1: 9.8 CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

설명: upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

CWE: CWE-78 | CWE-78

참조

https://www.exploit-db.com/exploits/45070/ [Exploit, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/46340/ [Exploit, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/45070/ [Exploit, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/46340/ [Exploit, Third Party Advisory, VDB Entry]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14933 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2018-14933] NUUO NVRmini Devices OS Command Injection Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍