Vulnerabilities > Nuuo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-21 | CVE-2022-33119 | Cross-site Scripting vulnerability in Nuuo Nvrsolo Firmware 03.06.02 NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. | 4.3 |
| 2021-12-28 | CVE-2021-45812 | Cross-site Scripting vulnerability in Nuuo Nvrsolo Firmware 3.9.1 NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. | 4.3 |
| 2018-11-27 | CVE-2018-18982 | SQL Injection vulnerability in Nuuo CMS 3.1/3.3 NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution. | 6.5 |
| 2018-10-12 | CVE-2018-17892 | Unspecified vulnerability in Nuuo CMS 3.1 NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. | 6.5 |
| 2016-08-31 | CVE-2016-5677 | Information Exposure vulnerability in multiple products NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. | 5.0 |
| 2016-08-31 | CVE-2016-5676 | Improper Authorization vulnerability in multiple products cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. | 5.0 |