CVE-2022-23227
NUUO NVRmini2 Devices Missing Authentication Vulnerability
CVSS
—
Sin CVSS
EPSS
49.4%
p99
KEV
SÍ
18 dic 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
NUUO / NVRmini2 Devices
Vulnerabilidad
NUUO NVRmini2 Devices Missing Authentication Vulnerability
Añadido a KEV
18 dic 2024
Remediar antes de
8 ene 2025
Uso conocido en ransomware
No
Descripción resumida
NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.
Acción requerida
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notas
https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter_NVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2022-23227
Sin CVEs relacionados por CWE o producto.