CVE-2018-19864

Опубликовано: 05 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.

Ссылки

http://packetstormsecurity.com/files/153162/NUUO-NVRMini-2-3.9.1-Stack-Overflow.html
https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure/
Patch
Third Party Advisory
https://www.nuuo.com/DownloadMainpage.php
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/153162/NUUO-NVRMini-2-3.9.1-Stack-Overflow.html
https://www.digitaldefense.com/blog/zero-day-alerts/nuuo-firmware-disclosure/
Patch
Third Party Advisory
https://www.nuuo.com/DownloadMainpage.php
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*

Версия до 3.9.1 (включая)

EPSS

Процентиль: 97%

0.32576

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-w4qr-pphv-89c3