vendor:
NVRMini2
by:
@0x00string
9.8
CVSS
CRITICAL
Stack Overflow
119
CWE
Product Name: NVRMini2
Affected Version From: 3.9.1 and prior
Affected Version To: 3.9.1
Patch Exists: YES
Related CWE: CVE-2018-19864
CPE: a:nuuo:nvrmini2:3.9.1
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: 3.9.1
2018
NUUO NVRMini2 3.9.1 ‘sscanf’ stack overflow
NUUO NVRMini2 3.9.1 is vulnerable to a stack overflow vulnerability due to improper bounds checking of user-supplied input. An attacker can send a specially crafted packet to the vulnerable device to trigger a stack overflow, which can be used to execute arbitrary code.
Mitigation:
Upgrade to the latest version of NUUO NVRMini2 3.9.1 or later.
