NUUO NVRMini2 Authenticated Command Injection
High Nessus Plugin ID 119326
Synopsis
The remote host is affected by command injection vulnerability.
Description
The version of NUUO NVRMini2 installed on the remote host is affected by authenticated remote command injection vulnerability. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
Solution
All users of NUUO NVRMini2 should upgrade to version 3.10.0 (03.10.0000.0005) or later. Otherwise, contact the vendor for a fix.