CVE-2022-23227
CVE-2022-23227
In short
An unauthenticated attacker can upload a malicious TAR file to NUUO NVRmini2 recorders without logging in, allowing them to create unauthorized users and potentially gain complete control of the system.
Technical detail
The vulnerability stems from missing authentication in handle_import_user.php, permitting unauthenticated TAR archive uploads. When chained with CVE-2011-5325 (arbitrary file overwrite), an attacker can achieve arbitrary file write under the web root and execute commands as root.
Summary generated and translated by AI from the official description.
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/pedrib/PoC/blob/master/advisories/NUUO/nuuo_nvrmini_round2.mkdhttps://github.com/rapid7/metasploit-framework/pull/16044https://news.ycombinator.com/item?id=29936569https://portswigger.net/daily-swig/researcher-discloses-alleged-zero-day-vulnerabilities-in-nuuo-nvrmini2-recording-devicehttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23227