GCVE - cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Nuuo (`9d792d33-2f8a-5712-a46c-4352a0a63a8f`)
Product	Nvrmini2 Firmware (`aa58a4e3-c188-591b-a6e4-4b029a16a722`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-23227`	vulnerable	2026-06-03 14:46:26.709451	Details available NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. Published: 2022-01-14T17:13:57.000Z Updated: 2025-10-21T23:15:48.977Z Open on db.gcve.eu Reference links https://github.com/pedrib/PoC/blob/master/advisories/NUUO/nuuo_nvrmini_round2.mkd https://github.com/rapid7/metasploit-framework/pull/16044 https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-device https://news.ycombinator.com/item?id=29936569	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-1150`	vulnerable	2026-06-03 14:38:30.400715	Details available NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. Published: 2018-09-19T15:00:00.000Z Updated: 2024-09-17T04:08:55.307Z Open on db.gcve.eu Reference links https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf https://www.tenable.com/security/research/tra-2018-25 http://www.securityfocus.com/bid/105720	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-1149`	vulnerable	2026-06-03 14:38:30.399539	Details available cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. Published: 2018-09-19T15:00:00.000Z Updated: 2024-09-16T20:42:10.870Z Open on db.gcve.eu Reference links https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf https://github.com/tenable/poc/tree/master/nuuo/nvrmini2 https://www.tenable.com/security/research/tra-2018-25 http://www.securityfocus.com/bid/105720	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-19864`	vulnerable	2026-06-03 14:38:29.751698	Details available NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. Published: 2018-12-05T11:00:00.000Z Updated: 2024-08-05T11:44:20.809Z Open on db.gcve.eu Reference links https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure/ https://www.nuuo.com/DownloadMainpage.php http://packetstormsecurity.com/files/153162/NUUO-NVRMini-2-3.9.1-Stack-Overflow.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.