NUUO Zero-Day Blog
Digital Defense, Inc. is disclosing a vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.
NUUO has provided a patch for the vulnerability identified on the application. The patched application can be downloaded from NUUO's website. https://www.nuuo.com/DownloadMainpage.php
Clients who currently use Fortra Vulnerability Management platform can sweep for the presence of these issues in Fortra VM by performing a full vulnerability assessment scan or selecting CVC NUUO NVRmini2 'lite_mv' Stack Overflow (126553).
Details of the vulnerabilities are as follows:
Summary:
DDI-VRT-2018-22 – 'lite_mv' Remote Stack Overflow in NUUO NVRmini2 3.9.1
Details
Vulnerability
'lite_mv' Remote Stack Overflow in NUUO NVRmini2 3.9.1
Impact
Remote, unauthenticated users can execute arbitrary code on the affected system with root privileges.
Application/Version Affected
NUUO NVRmini2 firmware versions 3.9.1 and prior
Details
Sending a crafted GET request to the affected service with a URI length of 351 or greater will trigger the stack overflow. Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution.
Root Cause
Improper sanitization of user-supplied inputs and lack of length checks on data used in unsafe string operations on local stack variables.