NUUO.Surveillance.Application.Password.Reset
Description
This indicates an attack attempt to exploit an Improper Authorization vulnerability in NUUO and Netgear Network Video Recorder (NVR) products.
The vulnerability is due to a lack of sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to leverage their privileges on vulnerable systems.
Affected Products
NUUO NVRmini 2, firmware v1.7.5 to 3.0.0 (latest version v3.0.0 requires authentication)
NUUO NVRsolo, firmware v1.7.5 to 3.0.0 (latest version v3.0.0 requires authentication)
ReadyNAS Surveillance, v1.1.1 to v1.4.1
Impact
Privilege Escalation: Remote attackers can leverage their privilege on the vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-06 | 14.627 | Severity:medium:high |
2019-04-03 | 14.585 | Default_action:pass:drop |