Vulnerability Details CVE-2018-15716
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.504
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://www.securityfocus.com/bid/106059
- https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716
- https://www.exploit-db.com/exploits/45948/
- https://www.tenable.com/security/research/tra-2018-41
- http://www.securityfocus.com/bid/106059
- https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716
- https://www.exploit-db.com/exploits/45948/
- https://www.tenable.com/security/research/tra-2018-41
Products affected by CVE-2018-15716
-
cpe:2.3:h:nuuo:ne-2020:-
-
cpe:2.3:h:nuuo:ne-2040:-
-
cpe:2.3:h:nuuo:ne-4080:-
-
cpe:2.3:h:nuuo:ne-4160:-
-
cpe:2.3:o:nuuo:nvrmini2_firmware:3.9.1