CVE-2018-15716

Name of the Vulnerable Software and Affected Versions NUUO NVRMini2 version 3.9.1

Description The issue allows for authenticated remote command injection. An attacker can send crafted requests to the "upgrade handle.php" endpoint to execute OS commands as root.

Recommendations For NUUO NVRMini2 version 3.9.1, consider restricting access to the "upgrade handle.php" endpoint until a patch is available. As a temporary workaround, avoid using the vulnerable endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.