NUUO NVRmini2 Network Video Recorder firmware vulnerability allows arbitrary code

News by Robert Abel

A vulnerability in NUUO NVRmini2 Network Video Recorder firmware version 3.9.1 and prior could allow an unauthenticated remote attacker to execute arbitrary code on the system with root privileges.

The product is vulnerable to an unauthenticated remote buffer overflow caused by improper sanitisation of user-supplied input and a lack of length checks on data used in unsafe string operations on local stack variables, according to a 29 November press statement.

An attacker could exploit this flaw to access and/or modify the camera feeds to the NVR and change the configuration or recordings on the NVR.

NUUO has since released a patch for the vulnerability, which can be downloaded from the company website.

"NUUO has worked closely with our VRT to ensure a fix is available to organisations utilising the affected firmware," Tom DeSot, executive vice president and CIO at Digital Defense, said. "NUUO’s rapid response to the identification of the issue and collaboration has resulted in a quick resolution."

This article was originally published on SC Media US.
