Vulnerabilities > Nuuo > Nvrmini2 Firmware > 3.9.1

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2022-23227 Missing Authentication for Critical Function vulnerability in Nuuo Nvrmini2 Firmware
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication.
network
low complexity
nuuo CWE-306
critical
 9.8
9.8
2018-12-05 CVE-2018-19864 Improper Input Validation vulnerability in Nuuo Nvrmini2 Firmware
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
network
low complexity
nuuo CWE-20
critical
 9.8
9.8
2018-11-30 CVE-2018-15716 OS Command Injection vulnerability in Nuuo Nvrmini2 Firmware 3.9.1
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection.
network
low complexity
nuuo CWE-78
8.8
8.8