ID

VAR-201809-0280


CVE

CVE-2018-1149


TITLE

NUUO NVRMini2 Remote code execution vulnerability

Trust: 0.8

sources: IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // CNVD: CNVD-2018-19317

DESCRIPTION

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to a program logic defect, the length of the HTTP Cookie header field is not checked when processing a GET request to /cgi-bin/cgi_system, and the sprintf function is used to concatenate it, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. NVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by the American company NUUO. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions.

Trust: 2.79

sources: NVD: CVE-2018-1149 // JVNDB: JVNDB-2018-011477 // CNVD: CNVD-2018-19317 // BID: 105720 // IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // VULHUB: VHN-121354 // VULMON: CVE-2018-1149

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // CNVD: CNVD-2018-19317

AFFECTED PRODUCTS

vendor: nuuo, model: nvrmini2, scope: lte, version: 3.8.0

Trust: 1.0

vendor: nuuo, model: nvrmini 2, scope: lte, version: 3.8.0

Trust: 0.8

vendor: nuuo, model: nvrmini2, scope: eq, version: 03.07.0000.0011

Trust: 0.6

vendor: nuuo, model: nvrmini2, scope: eq, version: 03.08.0000.0005

Trust: 0.6

vendor: nuuo, model: nvrmini2, scope: eq, version: 3.8.0

Trust: 0.6

vendor: nuuo, model: nvrsolo, scope: eq, version: 3.8

Trust: 0.3

vendor: nuuo, model: nvrsolo, scope: eq, version: 3.0

Trust: 0.3

vendor: nuuo, model: nvrsolo, scope: eq, version: 2.0

Trust: 0.3

vendor: nuuo, model: nvrsolo, scope: eq, version: 1.0

Trust: 0.3

vendor: nuuo, model: nvrmini, scope: eq, version: 23.8

Trust: 0.3

vendor: nuuo, model: nvrmini, scope: eq, version: 23.0

Trust: 0.3

vendor: nuuo, model: nvrmini, scope: eq, version: 22.0

Trust: 0.3

vendor: nuuo, model: nvrmini, scope: eq, version: 21.7.5

Trust: 0.3

vendor: nuuo, model: nvrsolo, scope: ne, version: 3.9.1

Trust: 0.3

vendor: nuuo, model: nvrmini, scope: ne, version: 23.9.1

Trust: 0.3

vendor: nvrmini2, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // CNVD: CNVD-2018-19317 // BID: 105720 // JVNDB: JVNDB-2018-011477 // CNNVD: CNNVD-201809-862 // NVD: CVE-2018-1149

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1149
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1149
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-19317
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-862
value: CRITICAL

Trust: 0.6

IVD: e2fb9481-39ab-11e9-880f-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-121354
value: HIGH

Trust: 0.1

VULMON: CVE-2018-1149
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1149
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-19317
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fb9481-39ab-11e9-880f-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-121354
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1149
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // CNVD: CNVD-2018-19317 // VULHUB: VHN-121354 // VULMON: CVE-2018-1149 // JVNDB: JVNDB-2018-011477 // CNNVD: CNNVD-201809-862 // NVD: CVE-2018-1149

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-121354 // JVNDB: JVNDB-2018-011477 // NVD: CVE-2018-1149

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-862

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // CNNVD: CNNVD-201809-862

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011477

PATCH

title: NUUO version 3.9.1 Release date_2018.09, url: https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf

Trust: 0.8

title: NUUO NVRMini 2 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84988

Trust: 0.6

title: Exp101tsArchiv30thers, url: https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title: awesome-cve-poc_qazbnm456, url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: BleepingComputer, url: https://www.bleepingcomputer.com/news/security/critical-rce-peekaboo-bug-in-nvr-surveillance-system-poc-available/

Trust: 0.1

sources: VULMON: CVE-2018-1149 // JVNDB: JVNDB-2018-011477 // CNNVD: CNNVD-201809-862

EXTERNAL IDS

db: NVD, id: CVE-2018-1149

Trust: 3.7

db: TENABLE, id: TRA-2018-25

Trust: 2.4

db: BID, id: 105720

Trust: 1.5

db: ICS CERT, id: ICSA-18-284-01

Trust: 1.2

db: CNNVD, id: CNNVD-201809-862

Trust: 0.9

db: CNVD, id: CNVD-2018-19317

Trust: 0.8

db: JVNDB, id: JVNDB-2018-011477

Trust: 0.8

db: IVD, id: E2FB9481-39AB-11E9-880F-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-121354

Trust: 0.1

db: VULMON, id: CVE-2018-1149

Trust: 0.1

sources: IVD: e2fb9481-39ab-11e9-880f-000c29342cb1 // CNVD: CNVD-2018-19317 // VULHUB: VHN-121354 // VULMON: CVE-2018-1149 // BID: 105720 // JVNDB: JVNDB-2018-011477 // CNNVD: CNNVD-201809-862 // NVD: CVE-2018-1149

REFERENCES

url:https://www.tenable.com/security/research/tra-2018-25

Trust: 2.4

url:https://github.com/tenable/poc/tree/master/nuuo/nvrmini2

Trust: 2.4

url:https://www.nuuo.com/backend/ckedit/upload/files/nuuo_nvrsolo_v3_9_1_release%20note.pdf

Trust: 1.8

url:http://www.securityfocus.com/bid/105720

Trust: 1.2

url:https://ics-cert.us-cert.gov/advisories/icsa-18-284-01

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1149

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1149

Trust: 0.8

url:http://www.nuuo.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-19317 // VULHUB: VHN-121354 // VULMON: CVE-2018-1149 // BID: 105720 // JVNDB: JVNDB-2018-011477 // CNNVD: CNNVD-201809-862 // NVD: CVE-2018-1149

CREDITS

Jacob Baines of Tenable

Trust: 0.3

sources: BID: 105720

SOURCES

db: IVD, id: e2fb9481-39ab-11e9-880f-000c29342cb1
db: CNVD, id: CNVD-2018-19317
db: VULHUB, id: VHN-121354
db: VULMON, id: CVE-2018-1149
db: BID, id: 105720
db: JVNDB, id: JVNDB-2018-011477
db: CNNVD, id: CNNVD-201809-862
db: NVD, id: CVE-2018-1149

LAST UPDATE DATE

2024-11-23T22:12:21.206000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-19317, date: 2018-09-19T00:00:00
db: VULHUB, id: VHN-121354, date: 2018-12-07T00:00:00
db: VULMON, id: CVE-2018-1149, date: 2018-12-07T00:00:00
db: BID, id: 105720, date: 2018-10-11T00:00:00
db: JVNDB, id: JVNDB-2018-011477, date: 2019-01-15T00:00:00
db: CNNVD, id: CNNVD-201809-862, date: 2018-10-16T00:00:00
db: NVD, id: CVE-2018-1149, date: 2024-11-21T03:59:17.307

SOURCES RELEASE DATE

db: IVD, id: e2fb9481-39ab-11e9-880f-000c29342cb1, date: 2018-09-19T00:00:00
db: CNVD, id: CNVD-2018-19317, date: 2018-09-19T00:00:00
db: VULHUB, id: VHN-121354, date: 2018-09-19T00:00:00
db: VULMON, id: CVE-2018-1149, date: 2018-09-19T00:00:00
db: BID, id: 105720, date: 2018-10-11T00:00:00
db: JVNDB, id: JVNDB-2018-011477, date: 2019-01-15T00:00:00
db: CNNVD, id: CNNVD-201809-862, date: 2018-09-20T00:00:00
db: NVD, id: CVE-2018-1149, date: 2018-09-19T15:29:06.063