CVE-2025-1338

Name of the Vulnerable Software and Affected Versions NUUO Camera versions prior to 20250203

Description A critical issue exists in NUUO Camera that allows for remote command injection. The issue affects the print file function within the /handle config.php file. Manipulation of the log argument can lead to arbitrary command execution. The vulnerability is remotely exploitable, and the exploit has been publicly disclosed. The vendor was informed of the issue but did not respond.

Recommendations Versions prior to 20250203 should be updated. As a temporary workaround, consider restricting access to the /handle config.php file. Avoid using the log parameter in the affected API endpoint until the issue is resolved.