Authenticated Remote Command Injection in NUUO NVRMini2 version 3.9.1

Authenticated Remote Command Injection in NUUO NVRMini2 version 3.9.1

CVE-2018-15716 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.

Learn more about our Web Application Penetration Testing UK.