mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
810 B
810 B
CVE-2018-15716
Description
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
POC
Reference
- https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_15716
- https://www.exploit-db.com/exploits/45948/
- https://www.tenable.com/security/research/tra-2018-41