upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
2018-08-04T19:29:00.263
2025-02-06T15:30:19.173
Analyzed
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | nuuo | nvrmini_firmware | 2016 | Yes |
Hardware | nuuo | nvrmini | - | No |