Vulnerabilities > Nuuo

DATE CVE VULNERABILITY TITLE RISK
2018-10-12 CVE-2018-17894 Use of Hard-coded Credentials vulnerability in Nuuo CMS
NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.
network
low complexity
nuuo CWE-798
critical
9.8
2018-10-12 CVE-2018-17892 Unspecified vulnerability in Nuuo CMS
NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.
network
low complexity
nuuo
8.8
2018-10-12 CVE-2018-17890 Unspecified vulnerability in Nuuo CMS
NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.
network
low complexity
nuuo
critical
9.8
2018-10-12 CVE-2018-17888 Use of Insufficiently Random Values vulnerability in Nuuo CMS
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
network
low complexity
nuuo CWE-330
critical
9.8
2018-09-19 CVE-2018-1150 Unspecified vulnerability in Nuuo Nvrmini2 Firmware
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists.
network
low complexity
nuuo
7.3
2018-09-19 CVE-2018-1149 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nuuo Nvrmini2 Firmware
cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.
network
low complexity
nuuo CWE-119
critical
9.8
2018-08-04 CVE-2018-14933 OS Command Injection vulnerability in Nuuo Nvrmini Firmware 2016
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
network
low complexity
nuuo CWE-78
critical
9.8
2018-07-13 CVE-2016-6553 Credentials Management vulnerability in Nuuo Nt-4040 Titan Firmware Nt404001.07.0000.00151120
Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111.
network
low complexity
nuuo CWE-255
critical
9.8
2018-05-29 CVE-2018-11523 Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo Nvrmini 2 Firmware 3.6.5
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
network
low complexity
nuuo CWE-434
critical
9.8
2016-08-31 CVE-2016-5680 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
network
low complexity
nuuo netgear CWE-119
8.8