Vulnerabilities > Nuuo > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-04 | CVE-2018-14933 | OS Command Injection vulnerability in Nuuo Nvrmini Firmware 2016 upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | 9.8 |
| 2018-07-13 | CVE-2016-6553 | Credentials Management vulnerability in Nuuo Nt-4040 Titan Firmware Nt404001.07.0000.00151120 Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. | 9.8 |
| 2018-05-29 | CVE-2018-11523 | Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo Nvrmini 2 Firmware 3.6.5 upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | 9.8 |
| 2016-08-31 | CVE-2016-5678 | Use of Hard-coded Credentials vulnerability in Nuuo Nvrmini 2 and Nvrsolo NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | 9.8 |
| 2016-08-31 | CVE-2016-5675 | Improper Input Validation vulnerability in multiple products handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. | 9.8 |
| 2016-08-31 | CVE-2016-5674 | Improper Input Validation vulnerability in multiple products __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. | 9.8 |