Monday, January 24, 2022


NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. (CVSS:10.0) (Last Update:2022-01-21)

No comments:

Post a Comment

NFPs “inherently vulnerable” to cyber security attacks - Pro Bono Australia

NFPs “inherently vulnerable” to cyber security attacks  Pro Bono Australia