CVE-2018-14933
NUUO NVRmini Devices OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
93.7%
p100
KEV
SÍ
18 dic 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
NUUO / NVRmini Devices
Vulnerabilidad
NUUO NVRmini Devices OS Command Injection Vulnerability
Añadido a KEV
18 dic 2024
Remediar antes de
8 ene 2025
Uso conocido en ransomware
No
Descripción resumida
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
Acción requerida
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notas
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter%EF%BC%BFNVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2018-14933
Sin CVEs relacionados por CWE o producto.