Sign-up

ID

VAR-201808-0424


CVE

CVE-2018-14933


TITLE

NUUO NVRmini Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008594

DESCRIPTION

upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. NUUO NVRmini Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRmini Products are prone to an remote command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. NUUO NVRmini is a video storage management device produced by American NUUO company. There is a security vulnerability in the upgrade_handle.php file in NUUO NVRmini

Trust: 2.07

sources: NVD: CVE-2018-14933 // JVNDB: JVNDB-2018-008594 // BID: 106058 // VULHUB: VHN-125142 // VULMON: CVE-2018-14933

AFFECTED PRODUCTS

vendor:nuuomodel:nvrminiscope:eqversion:2016

Trust: 1.6

vendor:nuuomodel:nvrmini 2scope: - version: -

Trust: 0.8

vendor:nuuomodel:nvrsolo plusscope:eqversion:0

Trust: 0.3

vendor:nuuomodel:nvrsoloscope:eqversion:0

Trust: 0.3

vendor:nuuomodel:nvrminiscope:eqversion:20

Trust: 0.3

vendor:nuuomodel:nvrsolo plusscope:neversion:3.10

Trust: 0.3

vendor:nuuomodel:nvrsoloscope:neversion:3.10

Trust: 0.3

vendor:nuuomodel:nvrminiscope:neversion:23.10

Trust: 0.3

sources: BID: 106058 // JVNDB: JVNDB-2018-008594 // CNNVD: CNNVD-201808-110 // NVD: CVE-2018-14933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14933
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14933
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-110
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125142
value: HIGH

Trust: 0.1

VULMON: CVE-2018-14933
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14933
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125142
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14933
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125142 // VULMON: CVE-2018-14933 // JVNDB: JVNDB-2018-008594 // CNNVD: CNNVD-201808-110 // NVD: CVE-2018-14933

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-125142 // JVNDB: JVNDB-2018-008594 // NVD: CVE-2018-14933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-110

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201808-110

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008594

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-125142 // 
            
            
            
            VULMON: CVE-2018-14933

PATCH
title:Top Pageurl:https://www.nuuo.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-008594

EXTERNAL IDS
db:NVDid:CVE-2018-14933
Trust: 2.9
db:EXPLOIT-DBid:45070
Trust: 2.9
db:EXPLOIT-DBid:46340
Trust: 1.8
db:JVNDBid:JVNDB-2018-008594
Trust: 0.8
db:CNNVDid:CNNVD-201808-110
Trust: 0.7
db:BIDid:106058
Trust: 0.3
db:PACKETSTORMid:151573
Trust: 0.1
db:VULHUBid:VHN-125142
Trust: 0.1
db:VULMONid:CVE-2018-14933
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125142 // 
            
            
            
            VULMON: CVE-2018-14933 // 
            
            
            
            BID: 106058 // 
            
            
            
            JVNDB: JVNDB-2018-008594 // 
            
            
            
            CNNVD: CNNVD-201808-110 // 
            
            
            
            NVD: CVE-2018-14933

REFERENCES
url:https://www.exploit-db.com/exploits/45070/
Trust: 2.6
url:https://www.exploit-db.com/exploits/46340/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14933
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14933
Trust: 0.8
url:https://www.exploit-db.com/exploits/45070
Trust: 0.3
url:https://www.nuuo.com
Trust: 0.3
url:https://github.com/tenable/poc/tree/master/nuuo/nvrmini2/cve_2018_1149
Trust: 0.3
url:https://www.nuuo.com/newsdetail.php?id=0425
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/46340
Trust: 0.1
url:https://www.rapid7.com/db/modules/exploit/multi/http/nuuo_nvrmini_upgrade_rce
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125142 // 
            
            
            
            VULMON: CVE-2018-14933 // 
            
            
            
            BID: 106058 // 
            
            
            
            JVNDB: JVNDB-2018-008594 // 
            
            
            
            CNNVD: CNNVD-201808-110 // 
            
            
            
            NVD: CVE-2018-14933

CREDITS
Tenable
Trust: 0.3
sources:
            
            
            BID: 106058

SOURCES
db:VULHUBid:VHN-125142
db:VULMONid:CVE-2018-14933
db:BIDid:106058
db:JVNDBid:JVNDB-2018-008594
db:CNNVDid:CNNVD-201808-110
db:NVDid:CVE-2018-14933

LAST UPDATE DATE
2024-12-19T23:19:38.484000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125142date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-14933date:2019-10-03T00:00:00
db:BIDid:106058date:2018-09-19T00:00:00
db:JVNDBid:JVNDB-2018-008594date:2018-10-24T00:00:00
db:CNNVDid:CNNVD-201808-110date:2019-10-08T00:00:00
db:NVDid:CVE-2018-14933date:2024-12-19T02:00:02.193

SOURCES RELEASE DATE
db:VULHUBid:VHN-125142date:2018-08-04T00:00:00
db:VULMONid:CVE-2018-14933date:2018-08-04T00:00:00
db:BIDid:106058date:2018-09-19T00:00:00
db:JVNDBid:JVNDB-2018-008594date:2018-10-24T00:00:00
db:CNNVDid:CNNVD-201808-110date:2018-08-06T00:00:00
db:NVDid:CVE-2018-14933date:2018-08-04T19:29:00.263