CVE-2025-1338

CVSS v2.0

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions NUUO Camera versions prior to 20250203

Description A critical issue exists in NUUO Camera that allows for remote command injection. The issue affects the

print file

function within the

/handle config.php

file. Manipulation of the

log

argument can lead to arbitrary command execution. The vulnerability is remotely exploitable, and the exploit has been publicly disclosed. The vendor was informed of the issue but did not respond.

Recommendations Versions prior to 20250203 should be updated. As a temporary workaround, consider restricting access to the

/handle config.php

file. Avoid using the

log

parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2025-1338

Affected Products

Nuuo Camera

CVE-2025-1338

Weakness Enumeration

Related Identifiers

Affected Products

References · 13