A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function…
VulDB·CWE-77·Published 2025-02-16
In NUUO Camera bis 20250203 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion print_file der Datei /handle_config.php. Durch Beeinflussen des Arguments log mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Se ha detectado una vulnerabilidad en NUUO Camera hasta 20250203. Se ha declarado como crítica. Esta vulnerabilidad afecta a la función print_file del archivo /handle_config.php. La manipulación del registro de argumentos conduce a la inyección de comandos. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 7.5 | — | — | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 2.0 | Primary | cve.org | 7.5 | — | — | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 2.0 | Secondary | NVD | 7.5 | 10.0 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 7.3 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.0 | Primary | cve.org | 7.3 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | cve.org | 7.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Primary | cve.org | 7.3 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 3.1 | Secondary | NVD | 7.3 | 3.9 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 4.0 | Primary | cve.org | 6.9 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Primary | cve.org | 6.9 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 6.9 | — | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |