Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability and a backdoor that allows an attacker remote code execution. Tenable issued the advisory today, the bugs are rated critical and tied to firmware possibly used in one of 100 different cameras that run the affected NVRMini2 webserver software. NUUO, the company that makes the firmware, is hopefully issuing a patch for the bug tomorrow, NUUO was notified in June of the vulnerability.
More info: :: tenable.com ::
POC can be found :: here ::
One thought on “CVE-2018-1149 & CVE-2018-1150 NUUO DVR firmware exploits”
Leave a Reply
You must be logged in to post a comment.
well i just used this blog post in one of my ethical hacking classes, so there’s that.