CVE-2018-1149 Information

Description

cgi_system in NUUO’s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/105720 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2 https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release20note.pdf https://www.tenable.com/security/research/tra-2018-25

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8