exploitDog

CVE-2018-1149

Опубликовано: 19 сент. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

Ссылки

http://www.securityfocus.com/bid/105720
Third Party Advisory
VDB Entry
https://github.com/tenable/poc/tree/master/nuuo/nvrmini2
Exploit
Third Party Advisory
https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf
Vendor Advisory
https://www.tenable.com/security/research/tra-2018-25
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/105720
Third Party Advisory
VDB Entry
https://github.com/tenable/poc/tree/master/nuuo/nvrmini2
Exploit
Third Party Advisory
https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf
Vendor Advisory
https://www.tenable.com/security/research/tra-2018-25
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*

Версия до 3.8.0 (включая)

cpe:2.3:h:nuuo:nvrmini2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.16744

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-wrq3-jg5x-9pp3

CVSS3: 9.8

github

больше 3 лет назад

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

EPSS

Процентиль: 95%

0.16744

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-119