NUUO NVRMini2 Authenticated Command Injection
High Nessus Plugin ID 119326
SynopsisThe remote host is affected by command injection vulnerability.
DescriptionThe version of NUUO NVRMini2 installed on the remote host is affected by authenticated remote command injection vulnerability. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
SolutionAll users of NUUO NVRMini2 should upgrade to version 3.10.0 (03.10.0000.0005) or later. Otherwise, contact the vendor for a fix.