CVE-2025-1338

CVSS v2.0

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: NUUO Camera versions up to 20250203

Description: A critical vulnerability affects the function

print file

of the file

/handle config.php

. The manipulation of the argument

log

leads to command injection. The attack can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations: For versions up to 20250203, as a temporary workaround, consider disabling the

print file

function in the

/handle config.php

file until a patch is available. Restrict access to the

/handle config.php

file to minimize the risk of exploitation. Avoid using the argument

log

in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2025-1338

Affected Products

Nuuo Camera

CVE-2025-1338

Weakness Enumeration

Related Identifiers

Affected Products

References · 10