Описание
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- US Government Resource
Уязвимые конфигурации
Одновременно
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
Уязвимость сценария handle_import_user.php микропрограммного обеспечения сетевых видеорегистраторов NUUO NVRmini 2, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2