NUUO 3.0.8 strong_user.php Backdoor Remote Shell Access

Posted by deepcore on August 7, 2016 – 7:57 am

NUUO NVRmini, NVRmini2, Crystal and NVRSolo devices have a hidden PHP script that when called, a backdoor user is created with poweruser privileges that is able to read and write files on the affected device. The backdoor user ‘bbb’ when created with the password ‘111111’ by visiting ‘strong_user.php’ script is able to initiate a secure shell session and further steal and/or destroy sensitive information.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« How Many Zero-Day Vulns Is Uncle Sam Sitting On? WordPress Store Locator Plus 4.5.09 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

NUUO 3.0.8 strong_user.php Backdoor Remote Shell Access

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL