NUUO 3.0.8 Remote Root

Posted by deepcore on August 7, 2016 – 7:57 am

NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an unauthenticated command injection vulnerability. Due to an undocumented and hidden debugging script, an attacker can inject and execute arbitrary code as the root user via the ‘log’ GET parameter in the ‘__debugging_center_utils___.php’ script. Included is a remote root exploit and an nse file. Versions 3.0.8 and below are affected.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« How Many Zero-Day Vulns Is Uncle Sam Sitting On? WordPress Store Locator Plus 4.5.09 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

NUUO 3.0.8 Remote Root

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL