CVE-2022-33119

Name of the Vulnerable Software and Affected Versions NUUO Network Video Recorder NVRsolo version 03.06.02

Description A reflected cross-site scripting (XSS) issue was found in the login.php file. This issue can be exploited via the "login.php" endpoint. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations For version 03.06.02, consider disabling access to the "login.php" endpoint until a patch is available. As a temporary workaround, restrict the use of the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.