exploitDog

GHSA-88f8-4pc7-v956

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

Ссылки

EPSS

Процентиль: 98%

0.54044

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2018-15716

CVSS3: 8.8

nvd

около 7 лет назад

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

EPSS

Процентиль: 98%

0.54044

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-78