cvelistv5 - CVE-2018-1149

CVE-2018-1149 (GCVE-0-2018-1149)

Vulnerability from cvelistv5

Published

2018-09-19 15:00

Modified

2024-09-16 20:42

Severity ?

CWE

Stack buffer overflow

Summary

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

References

URL

	Vendor	Product	Version
	NUUO	NUUO NVRMini2	Version: All versions prior to version 3.9.1

var-201809-0280

Vulnerability from variot

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to program logic defects, the length of the HTTP header cookie field was not checked when processing the GET request of /cgi-bin/cgi_system and the sprintf function was used for splicing, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. NVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0280",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nvrmini2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nuuo",
        "version": "3.8.0"
      },
      {
        "model": "nvrmini 2",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nuuo",
        "version": "3.8.0"
      },
      {
        "model": "nvrmini2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nuuo",
        "version": "03.07.0000.0011"
      },
      {
        "model": "nvrmini2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nuuo",
        "version": "03.08.0000.0005"
      },
      {
        "model": "nvrmini2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nuuo",
        "version": "3.8.0"
      },
      {
        "model": "nvrsolo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "3.8"
      },
      {
        "model": "nvrsolo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "3.0"
      },
      {
        "model": "nvrsolo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "2.0"
      },
      {
        "model": "nvrsolo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "1.0"
      },
      {
        "model": "nvrmini",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "23.8"
      },
      {
        "model": "nvrmini",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "23.0"
      },
      {
        "model": "nvrmini",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "22.0"
      },
      {
        "model": "nvrmini",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "21.7.5"
      },
      {
        "model": "nvrsolo",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "3.9.1"
      },
      {
        "model": "nvrmini",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "23.9.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "nvrmini2",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "BID",
        "id": "105720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:nuuo:nvrmini_2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jacob Baines of Tenable",
    "sources": [
      {
        "db": "BID",
        "id": "105720"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1149",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-1149",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-19317",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-121354",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-1149",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1149",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1149",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-19317",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-862",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2fb9481-39ab-11e9-880f-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121354",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1149",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. NUUO NVRMini2 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO is one of the monitoring solution providers, and NUUO NVRMini 2 is a NAS-enabled NVR solution. NUUO NVRMini2 has a remote code execution vulnerability. Due to program logic defects, the length of the HTTP header cookie field was not checked when processing the GET request of /cgi-bin/cgi_system and the sprintf function was used for splicing, resulting in a stack overflow. By constructing specially crafted data, an attacker can exploit this vulnerability to execute arbitrary commands on the target device. Failed exploit attempts may result in a denial-of-service condition. \nNVRmini2 and NVRsolo 3.8.0 and prior are vulnerable. NUUO NVRmini 2 is a video storage management device produced by American NUUO company. There is a security vulnerability in cgi_system in NUUO NVRMini 2 3.8.0 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "BID",
        "id": "105720"
      },
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1149"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1149",
        "trust": 3.7
      },
      {
        "db": "TENABLE",
        "id": "TRA-2018-25",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "105720",
        "trust": 1.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-284-01",
        "trust": 1.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2FB9481-39AB-11E9-880F-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1149",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "db": "BID",
        "id": "105720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "id": "VAR-201809-0280",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      }
    ],
    "trust": 1.498015885
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:21.206000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NUUO version 3.9.1 Release date_2018.09",
        "trust": 0.8,
        "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
      },
      {
        "title": "NUUO NVRMini 2 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84988"
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/critical-rce-peekaboo-bug-in-nvr-surveillance-system-poc-available/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://www.tenable.com/security/research/tra-2018-25"
      },
      {
        "trust": 2.4,
        "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
      },
      {
        "trust": 1.8,
        "url": "https://www.nuuo.com/backend/ckedit/upload/files/nuuo_nvrsolo_v3_9_1_release%20note.pdf"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/105720"
      },
      {
        "trust": 1.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1149"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1149"
      },
      {
        "trust": 0.3,
        "url": "http://www.nuuo.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "db": "BID",
        "id": "105720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "db": "BID",
        "id": "105720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-19T00:00:00",
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "date": "2018-09-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "BID",
        "id": "105720"
      },
      {
        "date": "2019-01-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "date": "2018-09-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "date": "2018-09-19T15:29:06.063000",
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      },
      {
        "date": "2018-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121354"
      },
      {
        "date": "2018-12-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1149"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "BID",
        "id": "105720"
      },
      {
        "date": "2019-01-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011477"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      },
      {
        "date": "2024-11-21T03:59:17.307000",
        "db": "NVD",
        "id": "CVE-2018-1149"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NUUO NVRMini2 Remote code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19317"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "e2fb9481-39ab-11e9-880f-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-862"
      }
    ],
    "trust": 0.8
  }
}

ghsa-wrq3-jg5x-9pp3

Vulnerability from github

Published

2022-05-14 01:51

Modified

2022-05-14 01:51

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-19T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.",
  "id": "GHSA-wrq3-jg5x-9pp3",
  "modified": "2022-05-14T01:51:58Z",
  "published": "2022-05-14T01:51:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
    },
    {
      "type": "WEB",
      "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2018-25"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2018-1149

Vulnerability from fkie_nvd

Published

2018-09-19 15:29

Modified

2024-11-21 03:59

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

References

URL	Tags
vulnreport@tenable.com	http://www.securityfocus.com/bid/105720	Third Party Advisory, VDB Entry
vulnreport@tenable.com	https://github.com/tenable/poc/tree/master/nuuo/nvrmini2	Exploit, Third Party Advisory
vulnreport@tenable.com	https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf	Vendor Advisory
vulnreport@tenable.com	https://www.tenable.com/security/research/tra-2018-25	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105720	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tenable/poc/tree/master/nuuo/nvrmini2	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.tenable.com/security/research/tra-2018-25	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	nuuo	nvrmini2_firmware	*
	nuuo	nvrmini2	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD0B006A-768C-462D-A204-516126B60D41",
              "versionEndIncluding": "3.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nuuo:nvrmini2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1532E39C-AADF-458F-9E21-C47197D1CB27",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests."
    },
    {
      "lang": "es",
      "value": "cgi_system en NVRMini2 en versiones 3.8.0 y anteriores de NUUO permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante peticiones HTTP manipuladas"
    }
  ],
  "id": "CVE-2018-1149",
  "lastModified": "2024-11-21T03:59:17.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-19T15:29:06.063",
  "references": [
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105720"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
    },
    {
      "source": "vulnreport@tenable.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2018-25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/research/tra-2018-25"
    }
  ],
  "sourceIdentifier": "vulnreport@tenable.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-18-284-01

Vulnerability from csaf_cisa

Published

2018-10-11 00:00

Modified

2018-10-11 00:00

Summary

NUUO NVRmini2 and NVRsolo

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification.

Critical infrastructure sectors

Commercial Facilities, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Taiwan

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Jacob Baines"
        ],
        "organization": "Tenable",
        "summary": "discovering these vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-284-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-284-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-284-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-284-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "NUUO NVRmini2 and NVRsolo",
    "tracking": {
      "current_release_date": "2018-10-11T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-284-01",
      "initial_release_date": "2018-10-11T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-10-11T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-284-01 NUUO NVRmini2 and NVRsolo"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.8.0",
                "product": {
                  "name": "NVRmini2 NVRsolo: All Versions 3.8.0 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "NVRmini2 NVRsolo"
          }
        ],
        "category": "vendor",
        "name": "NUUO"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1149",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow vulnerability has been identified in which there is no bounds check when a string is passed into an input buffer. As such, a remote unauthenticated attacker can overflow the stack buffer, which could allow remote code execution.CVE-2018-1149 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1149"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. The update can be downloaded at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.nuuo.com/DownloadMainpage.php"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-1150",
      "cwe": {
        "id": "CWE-489",
        "name": "Active Debug Code"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In some cases, files exist on the file system that, when utilized, allow an unauthenticated remote attacker to gain access to and modify sensitive user information, which could allow unauthenticated remote code execution.CVE-2018-1150 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1150"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. The update can be downloaded at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.nuuo.com/DownloadMainpage.php"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

icsa-18-284-01

Vulnerability from csaf_cisa

Published

2018-10-11 00:00

Modified

2018-10-11 00:00

Summary

NUUO NVRmini2 and NVRsolo

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification.

Critical infrastructure sectors

Commercial Facilities, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Taiwan

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Jacob Baines"
        ],
        "organization": "Tenable",
        "summary": "discovering these vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-284-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-284-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-284-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-284-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "NUUO NVRmini2 and NVRsolo",
    "tracking": {
      "current_release_date": "2018-10-11T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-284-01",
      "initial_release_date": "2018-10-11T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-10-11T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-284-01 NUUO NVRmini2 and NVRsolo"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.8.0",
                "product": {
                  "name": "NVRmini2 NVRsolo: All Versions 3.8.0 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "NVRmini2 NVRsolo"
          }
        ],
        "category": "vendor",
        "name": "NUUO"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1149",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A stack-based buffer overflow vulnerability has been identified in which there is no bounds check when a string is passed into an input buffer. As such, a remote unauthenticated attacker can overflow the stack buffer, which could allow remote code execution.CVE-2018-1149 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1149"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. The update can be downloaded at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.nuuo.com/DownloadMainpage.php"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-1150",
      "cwe": {
        "id": "CWE-489",
        "name": "Active Debug Code"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In some cases, files exist on the file system that, when utilized, allow an unauthenticated remote attacker to gain access to and modify sensitive user information, which could allow unauthenticated remote code execution.CVE-2018-1150 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1150"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. The update can be downloaded at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.nuuo.com/DownloadMainpage.php"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

cnvd-2018-19317

Vulnerability from cnvd

Title

NUUO NVRMini2远程代码执行漏洞

Description

NUUO是监控解决方案供应商之一，NUUO NVRMini 2是具有NAS功能的NVR解决方案。 NUUO NVRMini2存在远程代码执行漏洞。由于程序逻辑缺陷，在处理/cgi-bin/cgi_system的GET 请求时未检查 HTTP头部Cookie字段的长度而直接使用sprintf函数进行拼接，导致堆栈溢出。攻击者通过构造特制的数据，可利用该溢出漏洞在目标设备上执行任意命令。

Severity

高

Formal description

目前没有详细解决方案提供： https://www.nuuo.com/ProductNode.php?node=2

Reference

https://www.tenable.com/security/research/tra-2018-25 https://github.com/tenable/poc/tree/master/nuuo/nvrmini2

Impacted products

Name
['NUUO NVRMini2 03.07.0000.0011', 'NUUO NVRMini2 03.08.0000.0005']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1149"
    }
  },
  "description": "NUUO\u662f\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\u4f9b\u5e94\u5546\u4e4b\u4e00\uff0cNUUO NVRMini 2\u662f\u5177\u6709NAS\u529f\u80fd\u7684NVR\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nNUUO NVRMini2\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u903b\u8f91\u7f3a\u9677\uff0c\u5728\u5904\u7406/cgi-bin/cgi_system\u7684GET \u8bf7\u6c42\u65f6\u672a\u68c0\u67e5 HTTP\u5934\u90e8Cookie\u5b57\u6bb5\u7684\u957f\u5ea6\u800c\u76f4\u63a5\u4f7f\u7528sprintf\u51fd\u6570\u8fdb\u884c\u62fc\u63a5\uff0c\u5bfc\u81f4\u5806\u6808\u6ea2\u51fa\u3002 \u653b\u51fb\u8005\u901a\u8fc7\u6784\u9020\u7279\u5236\u7684\u6570\u636e\uff0c\u53ef\u5229\u7528\u8be5\u6ea2\u51fa\u6f0f\u6d1e\u5728\u76ee\u6807\u8bbe\u5907\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Tenable Research",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.nuuo.com/ProductNode.php?node=2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-19317",
  "openTime": "2018-09-19",
  "products": {
    "product": [
      "NUUO NVRMini2 03.07.0000.0011",
      "NUUO NVRMini2 03.08.0000.0005"
    ]
  },
  "referenceLink": "https://www.tenable.com/security/research/tra-2018-25\r\nhttps://github.com/tenable/poc/tree/master/nuuo/nvrmini2",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-19",
  "title": "NUUO NVRMini2\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

gsd-2018-1149

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.

Aliases

CVE-2018-1149

Aliases

CVE-2018-1149

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1149",
    "description": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.",
    "id": "GSD-2018-1149"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1149"
      ],
      "details": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests.",
      "id": "GSD-2018-1149",
      "modified": "2023-12-13T01:22:37.220394Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vulnreport@tenable.com",
        "DATE_PUBLIC": "2018-09-17T00:00:00",
        "ID": "CVE-2018-1149",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NUUO NVRMini2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions prior to version 3.9.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NUUO"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Stack buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
          },
          {
            "name": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2",
            "refsource": "CONFIRM",
            "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
          },
          {
            "name": "https://www.tenable.com/security/research/tra-2018-25",
            "refsource": "MISC",
            "url": "https://www.tenable.com/security/research/tra-2018-25"
          },
          {
            "name": "105720",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105720"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nuuo:nvrmini2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.8.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nuuo:nvrmini2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnreport@tenable.com",
          "ID": "CVE-2018-1149"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "cgi_system in NUUO\u0027s NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.tenable.com/security/research/tra-2018-25",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.tenable.com/security/research/tra-2018-25"
            },
            {
              "name": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.nuuo.com/backend/CKEdit/upload/files/NUUO_NVRsolo_v3_9_1_Release%20note.pdf"
            },
            {
              "name": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tenable/poc/tree/master/nuuo/nvrmini2"
            },
            {
              "name": "105720",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105720"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-12-07T19:36Z",
      "publishedDate": "2018-09-19T15:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-1149 (GCVE-0-2018-1149)

Vulnerability from cvelistv5

var-201809-0280

Vulnerability from variot

ghsa-wrq3-jg5x-9pp3

Vulnerability from github

fkie_cve-2018-1149

Vulnerability from fkie_nvd

ICSA-18-284-01

Vulnerability from csaf_cisa

icsa-18-284-01

Vulnerability from csaf_cisa

cnvd-2018-19317

Vulnerability from cnvd

gsd-2018-1149

Vulnerability from gsd

Tags

Sightings

Nomenclature