CVE-2018-14933
NUUO NVRmini Devices OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
93.7%
p100
KEV
YES
Dec 18, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
NUUO / NVRmini Devices
Vulnerability
NUUO NVRmini Devices OS Command Injection Vulnerability
Added to KEV
Dec 18, 2024
Remediate by
Jan 8, 2025
Known ransomware use
No
Summary description
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Required action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter%EF%BC%BFNVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2018-14933
No related CVEs by CWE or product.