POC details: ee74a243f26f0d72080dc93ba260339649b8135b

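Source
Related vulnerability
Title: NUUO Camera injection vulnerability (CVE-2025-1338)
Description: NUUO Camera is a series of network cameras from NUUO. NUUO Camera 20250203 and earlier versions contain an injection vulnerability, which stems from command injection via the log parameter in the print_file function of /handle_config.php.
Description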
 This repository contains a proof-of-concept exploit script for CVE-2025-1338
Introduction
# CVE-2025-1338
 This repository contains a proof-of-concept exploit script for CVE-2025-1338
1. Introduction to NUUO-Camera

NUUO Camera is a network video recorder (NVR) produced by NUUO Company in Taiwan Province, China. It is widely used in many fields such as retail, transportation, education, government and banking.

2. Introduction to the vulnerability

NUUO Camera 20250203 and earlier has an injection vulnerability, which originates from command injection via the `log` parameter in handle_config.php and __debugging_center_utils___.php.

- First inclusion: February 16, 2025
- Affected versions: version <= 20250203
- Vulnerability ID: CVE-2025-1338

3. Usage

Example: `python CVE-2025-1338.py -f url.txt -t 100`

Parameter description:

- `-f / --file`: Required. Path to the file containing the list of target URLs (one URL per line, supports both http and https).
- `-t / --threads`: Optional. Number of concurrent threads for detection. Default value is 10 (it is recommended not to exceed 200).
- `-o / --output`: Optional. Path to the output file for saving results. Default file name is "nuao_rce_results.txt" (only saves targets with vulnerabilities).
- `-v / --version`: Optional. Displays the help information for the script (same function as --help).
File snapshot

[4.0K] /data/pocs/ee74a243f26f0d72080dc93ba260339649b8135b
├── [6.4K] CVE-2025-1338.py
└── [1.2K] README.md

0 directories, 2 files