← back
CVE-2018-15716

CVE-2018-15716

EPSS 18.5%CWE-78
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
Affected products
NUUO · NUUO NVRMini2
public PoCs found2
cve_referencewww.exploit-db.com/exploits/45948/unverifiedexploitdbwww.exploit-db.com/exploits/45948unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716https://www.exploit-db.com/exploits/45948/https://www.tenable.com/security/research/tra-2018-41http://www.securityfocus.com/bid/106059