CVE-2018-15716

Summary

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

Affected Software

VendorProductVersion RangeStatus
NUUONUUO NVRMini23.9.1affected

Weaknesses

  • CWE-78: CWE-78 Command Injection

ADP Enrichment

CVE Program Container

Additional References

References