NUUO Zero-Day Blog
Digital Defense, Inc. is disclosing a vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT). We commend NUUO for their prompt response to the identified flaws and their engineering team’s work with VRT to provide fixes for these cyber security issues.
NUUO has provided a patch for the vulnerability identified on the application. The patched application can be downloaded from NUUO's website. https://www.nuuo.com/DownloadMainpage.php
Clients who currently use Digital Defense’s Frontline.Cloud platform can sweep for the presence of these issues in Frontline VM by performing a full vulnerability assessment scan or selecting CVC NUUO NVRmini2 'lite_mv' Stack Overflow (126553).
Details of the vulnerabilities are as follows:
DDI-VRT-2018-22 – 'lite_mv' Remote Stack Overflow in NUUO NVRmini2 3.9.1
'lite_mv' Remote Stack Overflow in NUUO NVRmini2 3.9.1
Remote, unauthenticated users can execute arbitrary code on the affected system with root privileges.
NUUO NVRmini2 firmware versions 3.9.1 and prior
Sending a crafted GET request to the affected service with a URI length of 351 or greater will trigger the stack overflow. Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution.
Improper sanitization of user-supplied inputs and lack of length checks on data used in unsafe string operations on local stack variables.