CVE-2022-23227
NUUO NVRmini2 Devices Missing Authentication Vulnerability
CVSS
—
No CVSS
EPSS
49.4%
p99
KEV
YES
Dec 18, 2024
Exploit Today
80
0-100
Published: — · Last modified: —
Product
NUUO / NVRmini2 Devices
Vulnerability
NUUO NVRmini2 Devices Missing Authentication Vulnerability
Added to KEV
Dec 18, 2024
Remediate by
Jan 8, 2025
Known ransomware use
No
Summary description
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
Required action
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter_NVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2022-23227
No related CVEs by CWE or product.