You are here

NUUO NVRmini2 and NVRsolo (ICSA-18-284-01)

NUUO NVRmini2 and NVRsolo (ICSA-18-284-01)

Created: Tuesday, October 16, 2018 - 13:16
Categories:
Cybersecurity

The NCCIC has released an advisory on stack-based buffer overflow and leftover debug code vulnerabilities in NUUO NVRmini2 and NVRsolo. Versions 3.8.0 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and user account modification. NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.