Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NUUO NVRmini2访问控制错误漏洞
Vulnerability Description
NUUO NVRMini2是中国台湾NUUO公司的一款小型网络硬盘录像机设备。 NUUO NVRmini2存在安全漏洞,该漏洞允许未经身份验证的攻击者上传加密的 TAR 存档,由于缺少 handle_import_user.php 身份验证,可滥用该存档添加任意用户。
CVSS Information
N/A
Vulnerability Type
N/A