Nuuo
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Nuuo product.
RSS Feeds for Nuuo security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Nuuo products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Nuuo Sorted by Most Security Vulnerabilities since 2018
Known Exploited Nuuo Vulnerabilities
The following Nuuo vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| NUUO NVRmini 2 Devices Missing Authentication Vulnerability |
NUUO NVRmini 2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users. CVE-2022-23227 Exploit Probability: 53.5% |
December 18, 2024 |
| NUUO NVRmini Devices OS Command Injection Vulnerability |
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. CVE-2018-14933 Exploit Probability: 93.9% |
December 18, 2024 |
The vulnerability CVE-2018-14933: NUUO NVRmini Devices OS Command Injection Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. The vulnerability CVE-2022-23227: NUUO NVRmini 2 Devices Missing Authentication Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in Nuuo. Nuuo did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 9.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 9 | 9.58 |
It may take a day or so for new Nuuo vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nuuo Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2022-25521 | Mar 29, 2022 |
NUUO v03.11.00 was discovered to contain access control issue.NUUO v03.11.00 was discovered to contain access control issue. |
Unno
Network Video Recorder Firmware
|
| CVE-2022-23227 | Jan 14, 2022 |
NUUO NVRmini2 through 3.11NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. |
Nvrmini2 Firmware
|
| CVE-2018-19864 | Dec 05, 2018 |
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. |
Nvrmini2 Firmware
|
| CVE-2018-17934 | Nov 27, 2018 |
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathnameNUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. |
Nuuo Cms
|
| CVE-2018-17936 | Nov 27, 2018 |
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary filesNUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. |
Nuuo Cms
|
| CVE-2018-18982 | Nov 27, 2018 |
NUUO CMS All versions 3.3 and prior the web server applicationNUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution. |
Nuuo Cms
|
| CVE-2018-17888 | Oct 12, 2018 |
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanismNUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. |
Nuuo Cms
|
| CVE-2018-17890 | Oct 12, 2018 |
NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which couldNUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. |
Nuuo Cms
|
| CVE-2018-17892 | Oct 12, 2018 |
NUUO CMS all versions 3.1 and prior, The application implements a method of user account controlNUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution. |
Nuuo Cms
|
| CVE-2018-17894 | Oct 12, 2018 |
NUUO CMS all versions 3.1 and prior, The application creates default accountsNUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. |
Nuuo Cms
|
| CVE-2018-14933 | Aug 04, 2018 |
upgrade_handle.php on NUUO NVRmini devicesupgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. |
Nvrmini Firmware
|