Vulnerabilities > Nuuo > Nvrmini2 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2022-23227 | Missing Authentication for Critical Function vulnerability in Nuuo Nvrmini2 Firmware NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. | 10.0 |
| 2018-12-05 | CVE-2018-19864 | Improper Input Validation vulnerability in Nuuo Nvrmini2 Firmware NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. | 10.0 |
| 2018-11-30 | CVE-2018-15716 | OS Command Injection vulnerability in Nuuo Nvrmini2 Firmware 3.9.1 NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. | 9.0 |
| 2018-09-19 | CVE-2018-1149 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nuuo Nvrmini2 Firmware cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. | 10.0 |