The web interface contains a number of critical vulnerabilities that can be abused by unauthenticated attackers. These consist of monitoring backdoors left in the PHP files that are supposed to be used by NUUO’s engineers, hardcoded credentials, poorly sanitised input and a buffer overflow which can be abused to achieve code execution on NUUO’s devices as root, and on NETGEAR as the admin user.
Source: Full Disclosure: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
That’s a disaster! And the manufacturers are not responding!
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft
robin@edgarbv.com
https://www.edgarbv.com